PT-2023-3048 · Dassault Systèmes · Delmia Apriso

Published: 2023-04-21 · Updated: 2023-06-07 · CVE-2023-2139

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: DELMIA Apriso versions Release 2017 through Release 2022

Description: The issue is related to a reflected Cross-site Scripting (XSS) vulnerability. This vulnerability can be exploited by a remote attacker to execute arbitrary script code, potentially leading to security breaches. The vulnerability is associated with the failure to protect the web page structure, which can allow an attacker to perform cross-site scripting attacks.

Recommendations: For DELMIA Apriso versions Release 2017 through Release 2022, consider disabling any functionality that allows the execution of arbitrary script code as a temporary workaround until a patch is available. Restrict access to sensitive areas of the web application to minimize the risk of exploitation. Avoid using vulnerable API endpoints, such as /api/v1/login or /users/{id}, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-03115
CVE-2023-2139

Affected Products

Delmia Apriso