CVE-2023-2140
Published Apr 21, 2023
Last updated 2 years ago
Overview
- Description
- A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
- Source
- 3DS.Information-Security@3ds.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C52EE2E6-9E32-4D89-B848-E187676E92B3",
"versionEndIncluding": "2022",
"versionStartIncluding": "2017"
}
],
"operator": "OR"
}
]
}
]