Lucene search

[email protected]CVE-2023-6078

HistoryFeb 01, 2024 - 2:15 p.m.

CVE-2023-6078

2024-02-0114:15:55

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-6078

os command injection

biovia materials studio

nvd

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.

Affected configurations

NVD

Node

3dsbiovia_materials_studioRange2021–2023

CPENameOperatorVersion
3ds:biovia_materials_studio3ds biovia materials studiole2023

CPE	Name	Operator	Version
3ds:biovia_materials_studio	3ds biovia materials studio	le	2023

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "BIOVIA Materials Studio products",
    "versions": [
      {
        "status": "affected",
        "version": "BIOVIA 2021 Golden"
      },
      {
        "status": "affected",
        "version": "BIOVIA 2022 Golden"
      },
      {
        "status": "affected",
        "version": "BIOVIA 2023 Golden"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2023-6078

prion1 cvelist1 nvd1