Headline
CVE-2023-1288: Dassault Systèmes Security Advisories
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.
Security advisories are based on published vulnerabilities coordinated with MITRE in accordance with MITRE CNA (CVE Numbering Authorities) policies and guidelines. Additional information on each advisory is available through our Support Knowledge Base (KB) that is referenced in the advisory notes.
Published Date
Updated Date
CVE
CVE Title
CVE Details
Affected Products
Affected Versions
Severity
Notes
2023-03-09
CVE-2023-1287
ENOVIA Live Collaboration V6R2013xE is affected by an XSL template injection vulnerability.
An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.
ENOVIA Live Collaboration
from V6R2013xE before V6R2013xE FP.CFA.2240
Critical
Link to Support Knowledge Base (KB)
2023-03-09
CVE-2023-1288
ENOVIA Live Collaboration V6R2013xE is affected by an XML External Entity injection (XXE) vulnerability.
An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.
ENOVIA Live Collaboration
from V6R2013xE before V6R2013xE FP.CFA.2240
Medium
Link to Support Knowledge Base (KB)
Related news
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.