CVE-2024-6377

EUVD-2024-47484
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
3ds3dexperience
r2022x ≤
𝑥
≤ r2024x
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
dassault3dswymer_3dexperience_2022
𝑥
≤ fp.cfa.2424
ADP
dassault3dswymer_3dexperience_2023
𝑥
≤ fp.cfa.2419
ADP
dassault3dswymer_3dexperience_2024
𝑥
≤ fp.cfa.2424
ADP
Common Weakness Enumeration
References
https://www.3ds.com/vulnerability/advisories