OpenCVE

An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
3ds	3dexperience
Dassault	3dswymer 3dexperience 2022 3dswymer 3dexperience 2023 3dswymer 3dexperience 2024

Configuration 1 [-]

cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.3ds.com/vulnerability/advisories

History

Tue, 27 Aug 2024 08:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-79

Tue, 27 Aug 2024 08:15:00 +0000

Type	Values Removed	Values Added
Description	A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.	An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
Title	Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x	URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
Metrics	cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N'}`	cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}`

Wed, 21 Aug 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		3ds 3ds 3dexperience
Weaknesses		CWE-601
CPEs		cpe:2.3:o:3ds:3dexperience::::::::
Vendors & Products		3ds 3ds 3dexperience

Tue, 20 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dassault Dassault 3dswymer 3dexperience 2022 Dassault 3dswymer 3dexperience 2023 Dassault 3dswymer 3dexperience 2024
CPEs		cpe:2.3:a:dassault:3dswymer_3dexperience_2022:::::::: cpe:2.3:a:dassault:3dswymer_3dexperience_2023:::::::: cpe:2.3:a:dassault:3dswymer_3dexperience_2024::::::::
Vendors & Products		Dassault Dassault 3dswymer 3dexperience 2022 Dassault 3dswymer 3dexperience 2023 Dassault 3dswymer 3dexperience 2024
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 20 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description		A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Title		Reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
Weaknesses		CWE-79
References		https://www.3ds.com/vulnerability/advisories
Metrics		cvssV3_1 `{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2024-08-20T13:45:35.407Z

Updated: 2024-08-27T08:05:08.293Z

Reserved: 2024-06-27T07:57:44.783Z

Link: CVE-2024-6377

Vulnrichment

Updated: 2024-08-20T15:06:50.105Z

NVD

Status : Modified

Published: 2024-08-20T14:15:09.917

Modified: 2024-08-27T08:15:05.537

Link: CVE-2024-6377

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object