Apriso
by IBM
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-5086 | Cri | 0.78 | 9.0 | 0.89 | KEV | Jun 2, 2025 | A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution. | |
| CVE-2025-6205 | Cri | 0.77 | 9.1 | 0.71 | KEV | Aug 4, 2025 | A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application. | |
| CVE-2025-6204 | Hig | 0.70 | 8.0 | 0.76 | KEV | Aug 4, 2025 | An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code. | |
| CVE-2024-3300 | Cri | 0.59 | 9.0 | 0.03 | May 30, 2024 | An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution. | ||
| CVE-2024-3301 | Hig | 0.55 | 8.5 | 0.01 | May 30, 2024 | An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution. | ||
| CVE-2023-2141 | Hig | 0.55 | 8.5 | 0.01 | Apr 21, 2023 | An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution. | ||
| CVE-2023-2140 | Hig | 0.49 | 7.5 | 0.01 | Apr 21, 2023 | A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application. | ||
| CVE-2023-2139 | Med | 0.35 | 5.4 | 0.00 | Apr 21, 2023 | A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. | ||
| CVE-2024-0935 | Med | 0.29 | 4.4 | 0.00 | Feb 1, 2024 | Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024 |
- risk 0.78cvss 9.0epss 0.89
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
- risk 0.77cvss 9.1epss 0.71
A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
- risk 0.70cvss 8.0epss 0.76
An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
- risk 0.59cvss 9.0epss 0.03
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to pre-authentication remote code execution.
- risk 0.55cvss 8.5epss 0.01
An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release 2019 through Release 2024 could lead to post-authentication remote code execution.
- risk 0.55cvss 8.5epss 0.01
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
- risk 0.49cvss 7.5epss 0.01
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
- risk 0.35cvss 5.4epss 0.00
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
- risk 0.29cvss 4.4epss 0.00
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Release 2024