CVE-2024-1624
9.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dassault Systèmes | Documentation server | Release 3DEXPERIENCE R2022x Golden <= Release 3DEXPERIENCE R2022x.FP.CFA.2406 | affected |
| Dassault Systèmes | Documentation server | Release 3DEXPERIENCE R2023x Golden <= Release 3DEXPERIENCE R2023x FP.CFA.2350 | affected |
| Dassault Systèmes | Documentation server | Release 3DEXPERIENCE R2024x Golden <= Release 3DEXPERIENCE R2024x.FP.CFA.2405 | affected |
| Dassault Systèmes | Documentation server | SIMULIA Abaqus Release 2022 Golden <= SIMULIA Abaqus Release 2022.FP.CFA.2406 | affected |
| Dassault Systèmes | Documentation server | SIMULIA Abaqus Release 2023 Golden <= SIMULIA Abaqus Release 2023.FP.CFA.2350 | affected |
| Dassault Systèmes | Documentation server | SIMULIA Abaqus Release 2024 Golden <= SIMULIA Abaqus Release 2024.FP.CFA.2405 | affected |
| Dassault Systèmes | Documentation server | SIMULIA Isight Release 2022 Golden | affected |
| Dassault Systèmes | Documentation server | SIMULIA Isight Release 2023 Golden | affected |
| Dassault Systèmes | Documentation server | SIMULIA Isight Release 2024 Golden | affected |
| Dassault Systèmes | Documentation server | CATIA Composer Release R2023 Golden <= CATIA Composer Release R2023 Refresh4 | affected |
| Dassault Systèmes | Documentation server | CATIA Composer Release R2024 Golden <= CATIA Composer Release R2024 Refresh3 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.