CVE-2023-2140
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022
could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso | Apriso 2017 Golden <= Apriso 2017 SP7 | affected |
| Dassault Systèmes | DELMIA Apriso | Apriso 2018 Golden <= Apriso 2018 SP4 | affected |
| Dassault Systèmes | DELMIA Apriso | Apriso 2019 Golden <= Apriso 2019 SP5 | affected |
| Dassault Systèmes | DELMIA Apriso | Apriso 2020 Golden <= Apriso 2020 SP4 | affected |
| Dassault Systèmes | DELMIA Apriso | Apriso 2021 Golden <= Apriso 2021 SP2 | affected |
| Dassault Systèmes | DELMIA Apriso | Apriso 2022 Golden | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.