CVE-2024-6379

Name of the Vulnerable Software and Affected Versions 3DSwymer versions Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

Description A reflected Cross-site Scripting (XSS) vulnerability allows an attacker to execute arbitrary script code in a user's browser session. This issue also involves an open redirect vulnerability affecting 3DPassport in 3DSwymer, where an attacker can redirect users to untrusted sites.

Recommendations For versions Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, consider disabling any features that may trigger the reflected XSS vulnerability until a patch is available. Restrict access to potentially vulnerable API endpoints or modules to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.