Impact
A race condition flaw exists in BIOVIA Workbook that can allow a user to read data from another user’s session. The vulnerability arises when concurrent operations on shared data are not properly synchronized, enabling a timing attack that bypasses access controls. The weakness is classified as CWE-362 and its primary consequence is the disclosure of confidential information to an unauthorised user.
Affected Systems
BIOVIA Workbook is a Dassault Systèmes product; versions released from 2021 through 2026 are affected. This includes all product releases within that range regardless of patch level, as the flaw originates in the core concurrency handling of the application.
Risk and Exploitability
The CVSS score of 8.1 indicates high severity. No EPSS score is available, so the probability of exploitation is uncertain. Based on the description, it is inferred that an attacker would need the ability to run or influence concurrent processes within the application, which implies a local or same-user context; network-based exploitation is unlikely unless the application is exposed to untrusted input that can trigger the race. The flaw is not listed in the CISA KEV catalog, suggesting no widespread, actively exploited incidents as of this assessment. Mitigation requires preventing concurrent access or ensuring proper synchronization, as detailed in the remediation steps.