CVE-2024-3300
Published 2024-05-30

CVE-2024-3300: An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.

Priority P265 · critical · 9 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EXPLOIT
EPSS: 2.76% (84.4th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dassault_syst_mes | delmia_apriso | Release 2019 Golden – Release 2019 SP5 | — |
| dassault_syst_mes | delmia_apriso | Release 2020 Golden – Release 2020 SP4 | — |
| dassault_syst_mes | delmia_apriso | Release 2021 Golden – Release 2021 SP3 | — |
| dassault_syst_mes | delmia_apriso | Release 2022 Golden – Release 2022 SP3 | — |
| dassault_syst_mes | delmia_apriso | Release 2023 Golden – Release 2023 SP2 | — |
| dassault_syst_mes | delmia_apriso | Release 2024 Golden – Release 2024 SP1 | — |
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization
nuclei·CVSS 9.0
CVE-2024-3300 [CRITICAL] Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization
Template:
```yaml
id: CVE-2024-3300

info:
  name: Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
  impact: |
    Attackers can exploit unsafe .NET object deserialization to achieve pre-authentication remote code execution.
  remediation: |
    Update DELMIA Apriso to a version that addresses the unsafe deserialization vulnerability
```
No writeups or analysis indexed.
Published: 2024-05-30