CVE-2023-2139

Summary

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoApriso 2017 Golden <= Apriso 2017 SP7affected
Dassault SystèmesDELMIA AprisoApriso 2018 Golden <= Apriso 2018 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2019 Golden <= Apriso 2019 SP5affected
Dassault SystèmesDELMIA AprisoApriso 2020 Golden <= Apriso 2020 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2021 Golden <= Apriso 2021 SP1affected
Dassault SystèmesDELMIA AprisoApriso 2022 Goldenaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References