CVE-2023-3589

Summary

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References