CVE-2023-1997

EPSS 0.32%
Veröffentlicht 28.08.2023 16:15:08
Zuletzt bearbeitet 21.11.2024 07:40:18
Quelle 3DS.Information-Security@3ds.c
CVE-Watchlists
Login
Unerledigt
Login

OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

3ds ≫ 3dexperience Versionr2021x

3ds ≫ 3dexperience Versionr2022x

3ds ≫ 3dexperience Versionr2023x

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3DS.Information-Security@3ds.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.3ds.com/vulnerability/advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1997

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1997

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1997

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1997