PT-2024-18175 · Dsy · Simulia Isight+3

Published: 2024-03-01 · Updated: 2024-03-02 · CVE-2024-1624

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions

3DEXPERIENCE versions R2022x through R2024x
SIMULIA Abaqus versions 2022 through 2024
SIMULIA Isight versions 2022 through 2024
CATIA Composer versions R2023 through R2024

Description

The issue is an OS Command Injection vulnerability affecting the documentation server. It can be exploited through a specially crafted HTTP request, leading to arbitrary command execution.

Recommendations

For 3DEXPERIENCE versions R2022x through R2024x, consider disabling the documentation server until a patch is available.
For SIMULIA Abaqus versions 2022 through 2024, restrict access to the documentation server to minimize the risk of exploitation.
For SIMULIA Isight versions 2022 through 2024, avoid using the vulnerable documentation server functionality until the issue is resolved.
For CATIA Composer versions R2023 through R2024, as a temporary workaround, consider restricting the use of the documentation server until a fix is provided.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2024-1624

Affected Products

3Dexperience
Catia Composer
Simulia Abaqus
Simulia Isight