OpenCVE

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
3ds	Enovia Live Collaboration

Configuration 1 [-]

cpe:2.3:a:3ds:enovia_live_collaboration:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.3ds.com/vulnerability/advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2023-03-09T16:33:09.843Z

Updated: 2024-08-02T05:40:59.886Z

Reserved: 2023-03-09T10:29:56.972Z

Link: CVE-2023-1288

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-09T17:15:10.343

Modified: 2024-11-21T07:38:50.780

Link: CVE-2023-1288

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1288", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-03-09T10:29:56.972Z", "datePublished": "2023-03-09T16:33:09.843Z", "dateUpdated": "2024-08-02T05:40:59.886Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-03-20T13:17:14.853Z"}, "title": "ENOVIA Live Collaboration V6R2013xE is affected by an XML External Entity injection (XXE) vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-250", "descriptions": [{"lang": "en", "value": "CAPEC-250 XML Injection"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "ENOVIA Live Collaboration", "versions": [{"status": "affected", "version": "V6R2013xE Golden", "lessThanOrEqual": "V6R2013xE FP.CFA.2228", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\nAn XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "\n\n\n\n\n\n\n\n\nAn XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server."}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Shadi Habbal from T\u00dcV Rheinland i-sec GmbH", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:40:59.886Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}]}]}}