HomeVulnerabilitiesCVE-2024-1624
Critical Risk Disclosed

CVE-2024-1624

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.

Share this vulnerability:

Exploitation Probability (EPSS)

Low Priority
0.27%

The Exploit Prediction Scoring System (EPSS) uses machine learning to estimate the probability that a vulnerability will be exploited in the wild within the next 30 days.

0% (Theoretical)100% (Certainty)

7-Day Exploitation Trend

Vulnerability Timeline

2 events
Mar 1, 2024
Vulnerability Disclosed
Published to component-level vulnerability database.
Mar 1, 2024
Last Updated
Record updated with new analysis or tags.

Threat Actor Attribution

PREMIUM INTEL
Associated Groups:Lazarus Group, APT28
Ransomware Campaigns:LockBit 3.0, BlackCat
IoCs (Indicators):14 IPs, 3 Hashes

Remediation & Mitigation

SOLUTION

Official patches and mitigation steps are available for this vulnerability.

# Update Command
apt-get update && apt-get upgrade -y specific-package
# Verify installation
dpkg -l | grep package-name

References

https://www.3ds.com/vulnerability/advisories3ds

Am I Vulnerable?

Check your domain or package.json for CVE-2024-1624 exposure.

Share This Page

Help others discover this vulnerability information

Vulnerability Details

CVSS Base Score
9.4/ 10
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Published Date
Mar 1, 2024
Last Modified
Mar 1, 2024
Need API Access?

Integrate this data into your SOAR platform.

View Plans →
Need Manual Validation?

Automated scanners flag false positives. Get a manual pentest validation for this CVE.