CVE-2024-8040 HIGH

CVE-2024-8040: Authorization Bypass Through User-Controlled Key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x

Vendor Dassault Systèmes
Product 3DSwymer
Weakness CWE-639 · IDOR
Published October 16, 2024
Last update October 16, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.

Key dates

02Disclosure timeline

October 16, 2024 CVE published
October 16, 2024 Record updated