20 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024 Una vulnerabilidad de inserción de información confidencial en el archivo de registro está afectando a DELMIA Apriso desde la versión 2019 hasta la versión 2024 • https://www.3ds.com/vulnerability/advisories • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An OS Command Injection vulnerability exists in BIOVIA Materials Studio products from Release BIOVIA 2021 through Release BIOVIA 2023. Upload of a specially crafted perl script can lead to arbitrary command execution. Existe una vulnerabilidad de inyección de comandos del sistema operativo en los productos BIOVIA Materials Studio desde la versión BIOVIA 2021 hasta la versión BIOVIA 2023. La carga de un script perl especialmente manipulado puede provocar la ejecución de comandos arbitrarios. • https://www.3ds.com/vulnerability/advisories • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x podría permitir, con algunas condiciones muy específicas, que un atacante envíe una consulta específicamente manipulada al servidor. • https://www.3ds.com/vulnerability/advisories • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x permite a un atacante ejecutar scripts de comandos arbitrarios. • https://www.3ds.com/vulnerability/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution. • https://www.3ds.com/vulnerability/advisories • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •