CVE-2023-2140 HIGH

CVE-2023-2140: Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022

Vendor Dassault Systèmes
Product DELMIA Apriso
Weakness CWE-918 · SSRF
Published April 21, 2023
Last update February 4, 2025
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.

Key dates

02Disclosure timeline

April 21, 2023 CVE published
February 4, 2025 Record updated