CVE-2024-6377

Summary

An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.

Affected Software

VendorProductVersion RangeStatus
Dassault Systèmes3DSwymerRelease 3DEXPERIENCE R2022x Golden <= Release 3DEXPERIENCE R2022x.FP.CFA.2424affected
Dassault Systèmes3DSwymerRelease 3DEXPERIENCE R2023x Golden <= Release 3DEXPERIENCE R2023x.FP.CFA.2419affected
Dassault Systèmes3DSwymerRelease 3DEXPERIENCE R2024x Golden <= Release 3DEXPERIENCE R2024x.FP.CFA.2424affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References