CVE-2023-2140— Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-2140
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-Side Request Forgery vulnerability affecting DELMIA Apriso Release 2017 through Release 2022
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dassault Systèmes DELMIA Apriso 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dassault Systèmes DELMIA Apriso是法国达索系统(Dassault Systèmes)公司的一款数字化企业的互动制造应用软件。 Dassault Systèmes DELMIA Apriso 2017版本至 2022版本存在安全漏洞,该漏洞源于存在服务区请求伪造漏洞(SSRF)。攻击者可利用该漏洞代表服务器向任意主机发起请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso | Apriso 2017 Golden ~ Apriso 2017 SP7 | - |
II. Public POCs for CVE-2023-2140
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-2140
请登录查看更多情报信息。
Same Patch Batch · Dassault Systèmes · 2023-04-21 · 3 CVEs total
| CVE-2023-2141 | 8.5 HIGH | Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 20 |
| CVE-2023-2139 | 5.4 MEDIUM | Reflected Cross-site Scripting vulnerability affecting DELMIA Apriso Release 2017 through |
IV. Related Vulnerabilities
Same product: DELMIA Apriso
- CVE-2025-6205
Missing authorization vulnerability affecting DELMIA Apriso - CVE-2025-6204
Improper Control of Generation of Code (Code Injection) vuln - CVE-2025-5086
Deserialization of Untrusted Data vulnerability affecting DE - CVE-2024-3300
Pre-authentication Unsafe .NET object deserialization vulner - CVE-2024-3301
Post-authentication Unsafe .NET object deserialization vulne
Same vendor: Dassault Systèmes
- CVE-2025-10559
Path Traversal vulnerability affecting Factory Resource Mana - CVE-2025-10553
Stored Cross-site Scripting (XSS) vulnerability affecting Fa - CVE-2025-10551
Stored Cross-site Scripting (XSS) vulnerability affecting Do - CVE-2026-3476
Code Injection vulnerability affecting SOLIDWORKS Desktop fr - CVE-2026-2101
Reflected Cross-site Scripting (XSS) vulnerability affecting
Same weakness: CWE-918
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-44313
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creat - CVE-2026-42352
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processe - CVE-2026-42346
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validatio - CVE-2026-42339
New API: SSRF Filter Bypass via 0.0.0.0
V. Comments for CVE-2023-2140
No comments yet