Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-1287
PUBLISHED
More InfoOfficial Page
Assigner-3DS
Assigner Org ID-f5a594e6-46a7-4e60-8a08-0a786e70e433
View Known Exploited Vulnerability (KEV) details
Published At-09 Mar, 2023 | 16:30
Updated At-28 Feb, 2025 | 17:09
Rejected At-
▼CVE Numbering Authority (CNA)
ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.

Affected Products
Vendor
Dassault Systèmes S.E. (3DS)Dassault Systèmes
Product
ENOVIA Live Collaboration
Default Status
unaffected
Versions
Affected
  • From V6R2013xE Golden through V6R2013xE FP.CFA.2228 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-74CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Type: CWE
CWE ID: CWE-74
Description: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-250CAPEC-250 XML Injection
CAPEC ID: CAPEC-250
Description: CAPEC-250 XML Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Shadi Habbal from TÜV Rheinland i-sec GmbH
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.3ds.com/vulnerability/advisories
N/A
Hyperlink: https://www.3ds.com/vulnerability/advisories
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.3ds.com/vulnerability/advisories
x_transferred
Hyperlink: https://www.3ds.com/vulnerability/advisories
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found