CVE-2024-6377

Published: Aug 20, 2024Modified: Aug 27, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.

Affected (1)

Products: 3ds: 3dexperience

3ds

1 product

3dexperience

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
3ds 3dexperience	From r2022x to r2024x

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (1)

https://www.3ds.com/vulnerability/advisories

Source: 3DS.Information-Security@3ds.com

Vendor Advisory

Timeline

No history available yet.