Description
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL.
References (1)
Core 1
Core References
Vendor Advisory
https://www.3ds.com/vulnerability/advisories
Scores
CVSS v3
8.1
EPSS
0.0026
EPSS Percentile
17.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-601
Status
published
Products (1)
3ds/3dexperience
r2022x - r2024x
Published
Aug 20, 2024
Tracked Since
Feb 18, 2026