CVE-2023-2140: Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
First published: Fri Apr 21 2023(Updated: )
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
Credit: 3DS.Information-Security@3ds.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 3DS DELMIA Apriso | >=2017<=2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-2140?
CVE-2023-2140 is a Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022.
What is the impact of CVE-2023-2140?
CVE-2023-2140 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
How can an attacker exploit CVE-2023-2140?
An attacker can exploit CVE-2023-2140 by sending crafted requests to the vulnerable DELMIA Apriso application.
How severe is CVE-2023-2140?
CVE-2023-2140 has a severity rating of 7.5 (high).
How can I fix CVE-2023-2140?
To fix CVE-2023-2140, it is recommended to apply the latest security patches provided by the vendor.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/3ds
- canonical/3ds delmia apriso
- version/3ds delmia apriso/2017
- version/3ds delmia apriso/2022