Lucene search

3DSCVELIST:CVE-2023-6078

HistoryFeb 01, 2024 - 1:33 p.m.

CVE-2023-6078 OS Command Injection vulnerability affecting BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023

2024-02-0113:33:48

CWE-78

3DS

www.cve.org

cve-2023

os command injection

biovia materials studio

release biovia 2021

release biovia 2023

perl script

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution.

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "BIOVIA Materials Studio products",
    "versions": [
      {
        "status": "affected",
        "version": "BIOVIA 2021 Golden"
      },
      {
        "status": "affected",
        "version": "BIOVIA 2022 Golden"
      },
      {
        "status": "affected",
        "version": "BIOVIA 2023 Golden"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

10 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVELIST:CVE-2023-6078