CVE-2024-3300— Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-3300
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024
Source: NVD (National Vulnerability Database)
Vulnerability Description
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dassault Systèmes DELMIA Apriso 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dassault Systèmes DELMIA Apriso是法国达索系统(Dassault Systèmes)公司的一款数字化企业的互动制造应用软件。 Dassault Systèmes DELMIA Apriso Release 2019至2024版本存在安全漏洞,该漏洞源于.NET对象存在反序列化漏洞。攻击者可利用该漏洞执行远程代码.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Dassault Systèmes | DELMIA Apriso | Release 2019 Golden ~ Release 2019 SP5 | - |
II. Public POCs for CVE-2024-3300
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-3300.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-3300
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: DELMIA Apriso
- CVE-2025-6205
Missing authorization vulnerability affecting DELMIA Apriso - CVE-2025-6204
Improper Control of Generation of Code (Code Injection) vuln - CVE-2025-5086
Deserialization of Untrusted Data vulnerability affecting DE - CVE-2024-3301
Post-authentication Unsafe .NET object deserialization vulne - CVE-2024-0935
Insertion of Sensitive Information into Log File vulnerabili
Same vendor: Dassault Systèmes
- CVE-2025-10559
Path Traversal vulnerability affecting Factory Resource Mana - CVE-2025-10553
Stored Cross-site Scripting (XSS) vulnerability affecting Fa - CVE-2025-10551
Stored Cross-site Scripting (XSS) vulnerability affecting Do - CVE-2026-3476
Code Injection vulnerability affecting SOLIDWORKS Desktop fr - CVE-2026-2101
Reflected Cross-site Scripting (XSS) vulnerability affecting
Same weakness: CWE-502
- CVE-2026-44126
Insecure deserialization - CVE-2026-5127
User Frontend: AI Powered Frontend Posting, User Directory, - CVE-2026-41586
ObjectInputStream.readObject() without ObjectInputFilter in - CVE-2026-34084
PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFac - CVE-2026-7712
MindsDB Pickle pickle.loads deserialization
V. Comments for CVE-2024-3300
No comments yet