CVE-2023-5598 - Vulnerability Details - OpenCVE

Description

Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.

Published: 2023-11-21

Score: 5.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Dassault Systèmes

3DSwymer

unaffected

Version	Status	Constraints
`Release 3DEXPERIENCE R2022x Golden`	affected	≤ Release 3DEXPERIENCE R2022x.FP.CFA.2337
`Release 3DEXPERIENCE R2023x Golden`	affected	≤ Release 3DEXPERIENCE R2023x FP.CFA.2333

Configuration 1 [-]

OR	cpe:2.3:a:dassault:3dswymer_3dexperience_2022:fp.cfa.2337:::::::*
	cpe:2.3:a:dassault:3dswymer_3dexperience_2023:fp.cfa.2333:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-57891	Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00184.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.3ds.com/vulnerability/advisories

History

No history.

Subscriptions

Dassault 3dswymer 3dexperience 2022 3dswymer 3dexperience 2023

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2023-11-21T09:29:05.310Z

Updated: 2024-08-02T08:07:31.903Z

Reserved: 2023-10-16T08:52:28.948Z

Link: CVE-2023-5598

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-21T10:15:07.900

Modified: 2024-11-21T08:42:05.993

Link: CVE-2023-5598

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5598", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-10-16T08:52:28.948Z", "datePublished": "2023-11-21T09:29:05.310Z", "dateUpdated": "2024-08-02T08:07:31.903Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-11-29T09:25:56.435Z"}, "title": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "3DSwymer", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2022x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2337", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x FP.CFA.2333", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:31.903Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dassault:3dswymer_3dexperience_2022:fp.cfa.2337:*:*:*:*:*:*:*", "matchCriteriaId": "4BF77583-94F4-4C4B-92FF-1D090B75E7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dassault:3dswymer_3dexperience_2023:fp.cfa.2333:*:*:*:*:*:*:*", "matchCriteriaId": "AB7F9BE0-9C95-46D0-B7DF-63146A84B297", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code."}, {"lang": "es", "value": "Vulnerabilidades de Cross-site Scripting (XSS) Almacenadas que afectan a 3DSwym en 3DSwymer desde la versi\u00f3n 3DEXPERIENCE R2022x hasta la versi\u00f3n 3DEXPERIENCE R2023x permiten a un atacante ejecutar c\u00f3digo script arbitrario."}], "id": "CVE-2023-5598", "lastModified": "2024-11-21T08:42:05.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-21T10:15:07.900", "references": [{"source": "3DS.Information-Security@3ds.com", "tags": ["Vendor Advisory"], "url": "https://www.3ds.com/vulnerability/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.3ds.com/vulnerability/advisories"}], "sourceIdentifier": "3DS.Information-Security@3ds.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "3DS.Information-Security@3ds.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}