PT-2024-37581 · Dsyms · Enovia Collaborative Industry Innovator

Published: 2024-07-09 · Updated: 2024-09-05 · CVE-2024-6378

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ENOVIA Collaborative Industry Innovator versions R2022x through R2024x

OpenSSH (affected versions not specified)

Description

A reflected Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows an attacker to execute arbitrary script code in a user's browser session. Additionally, a vulnerability in OpenSSH, known as regreSSHion, can lead to Remote Code Execution (RCE) attacks, full system compromise, and data manipulation. It is estimated that over 700K OpenSSH servers are vulnerable.

Recommendations

For ENOVIA Collaborative Industry Innovator versions R2022x through R2024x, consider disabling any features that may be exploited by the XSS vulnerability until a patch is available. For OpenSSH, restrict access to vulnerable servers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-6378

Affected Products

Enovia Collaborative Industry Innovator