CVE-2023-2140

Summary

A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022

could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoApriso 2017 Golden <= Apriso 2017 SP7affected
Dassault SystèmesDELMIA AprisoApriso 2018 Golden <= Apriso 2018 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2019 Golden <= Apriso 2019 SP5affected
Dassault SystèmesDELMIA AprisoApriso 2020 Golden <= Apriso 2020 SP4affected
Dassault SystèmesDELMIA AprisoApriso 2021 Golden <= Apriso 2021 SP2affected
Dassault SystèmesDELMIA AprisoApriso 2022 Goldenaffected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References