CVE-2023-2140
📊 7.5 HIGH⚡ 0.2%🎯 0 exploits
📅 Published Apr 21, 2023
📋 Status: Modified
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | 3ds | delmia apriso | ≥ 2017 ∧ ≤ 2022 | Vulnerable | cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 2017 ∧ ≤ 2022
CPE:
cpe:2.3:a:3ds:delmia_apriso:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
7.5 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.2% (Minimal)37.8th percentile
Last updated: Nov 1, 2025
Exploitation probability within 30 days
Published Date
Apr 21, 2023 (2 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses2
CWE-918
References2
NVDadvisory