Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-1624
PUBLISHED
More InfoOfficial Page
Assigner-3DS
Assigner Org ID-f5a594e6-46a7-4e60-8a08-0a786e70e433
View Known Exploited Vulnerability (KEV) details
Published At-01 Mar, 2024 | 15:47
Updated At-28 Aug, 2024 | 15:01
Rejected At-
▼CVE Numbering Authority (CNA)
OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.

Affected Products
Vendor
Dassault Systèmes S.E. (3DS)Dassault Systèmes
Product
Documentation server
Default Status
unaffected
Versions
Affected
  • From Release 3DEXPERIENCE R2022x Golden through Release 3DEXPERIENCE R2022x.FP.CFA.2406 (custom)
  • From Release 3DEXPERIENCE R2023x Golden through Release 3DEXPERIENCE R2023x FP.CFA.2350 (custom)
  • From Release 3DEXPERIENCE R2024x Golden through Release 3DEXPERIENCE R2024x.FP.CFA.2405 (custom)
  • From SIMULIA Abaqus Release 2022 Golden through SIMULIA Abaqus Release 2022.FP.CFA.2406 (custom)
  • From SIMULIA Abaqus Release 2023 Golden through SIMULIA Abaqus Release 2023.FP.CFA.2350 (custom)
  • From SIMULIA Abaqus Release 2024 Golden through SIMULIA Abaqus Release 2024.FP.CFA.2405 (custom)
  • SIMULIA Isight Release 2022 Golden
  • SIMULIA Isight Release 2023 Golden
  • SIMULIA Isight Release 2024 Golden
  • From CATIA Composer Release R2023 Golden through CATIA Composer Release R2023 Refresh4 (custom)
  • From CATIA Composer Release R2024 Golden through CATIA Composer Release R2024 Refresh3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.4CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Version: 3.1
Base score: 9.4
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-88CAPEC-88 OS Command Injection
CAPEC ID: CAPEC-88
Description: CAPEC-88 OS Command Injection
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.3ds.com/vulnerability/advisories
N/A
Hyperlink: https://www.3ds.com/vulnerability/advisories
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.3ds.com/vulnerability/advisories
x_transferred
Hyperlink: https://www.3ds.com/vulnerability/advisories
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Dassault Systèmes S.E. (3DS)3ds
Product
3dexperience
CPEs
  • cpe:2.3:a:3ds:3dexperience:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From r2022x_golden through r2022.fp.cfa.2406 (custom)
  • From r2023x_golden through R2023x.FP.CFA.2350 (custom)
  • From r2024x_golden through R2024x.FP.CFA.2405 (custom)
Vendor
Dassault Systèmes S.E. (3DS)3ds
Product
simulia_abaqus
CPEs
  • cpe:2.3:a:3ds:simulia_abaqus:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 2022_golden through 2022.FP.CFA.2406 (custom)
  • From 2023_golden through 2023.FP.CFA.2350 (custom)
  • From 2024_golden through 2024.FP.CFA.2405 (custom)
Vendor
Dassault Systèmes S.E. (3DS)3ds
Product
simulia_insight
CPEs
  • cpe:2.3:a:3ds:simulia_insight:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2022_golden
  • 2023_golden
  • 2024_golden
Vendor
Dassault Systèmes S.E. (3DS)3ds
Product
catia_composer
CPEs
  • cpe:2.3:a:3ds:catia_composer:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From r2023_golden through R2023_Refresh4 (custom)
  • From r2024_golden through R2023_Refresh3 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found