CVE-2024-3301

Summary

An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesDELMIA AprisoRelease 2019 Golden <= Release 2019 SP5affected
Dassault SystèmesDELMIA AprisoRelease 2020 Golden <= Release 2020 SP4affected
Dassault SystèmesDELMIA AprisoRelease 2021 Golden <= Release 2021 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2022 Golden <= Release 2022 SP3affected
Dassault SystèmesDELMIA AprisoRelease 2023 Golden <= Release 2023 SP2affected
Dassault SystèmesDELMIA AprisoRelease 2024 Golden <= Release 2024 SP1affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References