Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-1288: Dassault Systèmes Security Advisories

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.

CVE
#vulnerability#rce#auth

Security advisories are based on published vulnerabilities coordinated with MITRE in accordance with MITRE CNA (CVE Numbering Authorities) policies and guidelines. Additional information on each advisory is available through our Support Knowledge Base (KB) that is referenced in the advisory notes.

Published Date

Updated Date

CVE

CVE Title

CVE Details

Affected Products

Affected Versions

Severity

Notes

2023-03-09

CVE-2023-1287

ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability.

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.

ENOVIA Live Collaboration

from V6R2013xE before V6R2013xE FP.CFA.2240

Critical

Link to Support Knowledge Base (KB)

2023-03-09

CVE-2023-1288

ENOVIA Live Collaboration V6R2013xE is affected by an XML External Entity injection (XXE) vulnerability.

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.

ENOVIA Live Collaboration

from V6R2013xE before V6R2013xE FP.CFA.2240

Medium

Link to Support Knowledge Base (KB)

Related news

CVE-2023-33387: TÜV Rheinland – Aufgedeckte Schwachstellen

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907