CVE-2024-6377
📋 TL;DR
This CVE describes an open redirect vulnerability in 3DPassport within 3DSwymer (part of 3DEXPERIENCE platform) that allows attackers to craft malicious URLs that redirect users to arbitrary, potentially malicious websites. Organizations using 3DEXPERIENCE releases R2022x through R2024x are affected.
💻 Affected Systems
- 3DSwymer
- 3DPassport
- 3DEXPERIENCE Platform
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could redirect users to phishing sites that steal credentials or deliver malware, potentially leading to full account compromise and lateral movement within the organization.
Likely Case
Attackers use crafted links in phishing campaigns to redirect legitimate users to credential harvesting pages or malicious sites, leading to credential theft and potential follow-on attacks.
If Mitigated
With proper user awareness training and URL filtering, the impact is limited to failed phishing attempts and potential user confusion from unexpected redirects.
🎯 Exploit Status
Open redirect vulnerabilities are commonly weaponized in phishing campaigns. The vulnerability requires user interaction (clicking a link) but no authentication to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes security advisory.
2. Apply the recommended patch or upgrade to a fixed version.
3. Restart affected services.
4. Verify the fix is applied.
🔧 Temporary Workarounds
URL Filtering
Implement web proxy or firewall rules to block redirects to untrusted domains from the 3DEXPERIENCE application.
User Awareness Training
Train users to recognize suspicious URLs and report unexpected redirects.
🧯 If You Can't Patch
- Implement strict URL validation and filtering at network perimeter to block malicious redirects
- Deploy email security solutions that scan for and block phishing links targeting this vulnerability
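The "strict URL validation" mitigation above, worked through as an added Python example written for this page (it is not Dassault Systèmes' code and does not describe how 3DPassport handles its own parameters). The validator accepts a redirect target only if it is a same-site path or an http(s) URL whose host is on an explicit allowlist, and it handles the usual bypass shapes a naive "starts with /" or "contains our domain" check misses: protocol-relative targets, backslashes, extra leading slashes, userinfo tricks, look-alike subdomains and non-http schemes. The host name `3dx.corp.example` is a placeholder.

```python
from urllib.parse import urlparse


def is_safe_redirect(target: str, allowed_hosts: set[str]) -> bool:
    """Return True only if a browser following `target` stays on an allowed host."""
    if not target:
        return False
    # Reject control characters and spaces outright; parsers and browsers
    # disagree on how to strip them, which is exactly what an attacker leans on.
    if any(ord(c) < 0x20 or c == " " for c in target):
        return False
    # Browsers treat "\" as "/", so "/\evil.example" is "//evil.example".
    candidate = target.replace("\\", "/")
    # WHATWG-style parsers also swallow any number of leading slashes before an
    # authority ("///evil.example" lands on evil.example); fold them to exactly two
    # so urlparse sees the host instead of a path.
    if candidate.startswith("//"):
        candidate = "//" + candidate.lstrip("/")
    parsed = urlparse(candidate)
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False                      # javascript:, data:, vbscript:, ...
    if parsed.scheme and not parsed.netloc:
        return False                      # "https:evil.example" style ambiguity
    if not parsed.scheme and not parsed.netloc:
        return candidate.startswith("/")  # plain same-site path such as "/3dswym/home"
    # hostname strips userinfo ("allowed@evil") and the port, and lowercases.
    host = parsed.hostname
    return host is not None and host in allowed_hosts


def safe_redirect_target(target: str, allowed_hosts: set[str], default: str = "/") -> str:
    """What a login handler should actually send in Location: the target or a safe default."""
    return target if is_safe_redirect(target, allowed_hosts) else default


if __name__ == "__main__":
    allowed = {"3dx.corp.example"}  # placeholder allowlist
    for t in ["/3dswym/home", "https://3dx.corp.example/dashboard", "//evil.example",
              "/\\evil.example", "///evil.example", "https://3dx.corp.example@evil.example/",
              "https://3dx.corp.example.evil.example/", "javascript:alert(1)"]:
        print(f"{t!r:50} -> {safe_redirect_target(t, allowed)}")
```

The allowlist is deliberately an exact host match rather than a suffix match: checking `host.endswith("corp.example")` would accept `corp.example.evil.example`, and checking `"3dx.corp.example" in target` would accept the userinfo form. If the application must support several portal hosts, list each one explicitly.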
🔍 How to Verify
Check if Vulnerable:
Test by attempting to redirect through 3DPassport URLs to external domains. Check if URL parameters allow redirects to untrusted sites.
Check Version:
Check 3DEXPERIENCE version through administration console or contact Dassault Systèmes support
Verify Fix Applied:
After patching, retest redirect attempts to confirm they are properly validated and blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual redirect patterns in web server logs
- Multiple failed redirect attempts with suspicious parameters
Network Indicators:
- Outbound connections to unexpected domains following 3DEXPERIENCE access
- HTTP 302 redirects to non-whitelisted domains
SIEM Query:
source="3dexperience" AND (url_contains="redirect" OR url_contains="return") AND dest_domain NOT IN whitelist
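The log and network indicators above, worked through in Python as an added example for this page (not from the vendor and not a description of 3DPassport's real log format). It parses constructed access-log lines in a combined-log layout extended with the response's Location header (nginx, for instance, can emit `$sent_http_location` in a custom log format), flags 3xx responses whose Location host is off the allowlist, decodes which query parameter carried the off-site target, and counts repeat source addresses, which is the "multiple attempts with suspicious parameters" indicator. The paths, the `return` parameter name, hosts and client addresses are all constructed placeholders.

```python
import re
from urllib.parse import parse_qs, urlparse, urlsplit

# Constructed log layout: combined-log prefix, then the Location header quoted at the end.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+ "(?P<location>[^"]*)"$'
)
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed sample lines: two legitimate same-site redirects, two off-site
# redirects from one source, and one ordinary page load.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2024:10:15:01 +0000] "GET /passport/login?return=%2F3dswym%2Fhome HTTP/1.1" 302 0 "/3dswym/home"
10.0.0.5 - - [12/Jul/2024:10:15:07 +0000] "GET /passport/login?return=https%3A%2F%2F3dx.corp.example%2Fdashboard HTTP/1.1" 302 0 "https://3dx.corp.example/dashboard"
203.0.113.9 - - [12/Jul/2024:10:16:22 +0000] "GET /passport/login?return=https%3A%2F%2Flogin-3dx.example.net%2Fauth HTTP/1.1" 302 0 "https://login-3dx.example.net/auth"
203.0.113.9 - - [12/Jul/2024:10:16:25 +0000] "GET /passport/login?return=%2F%2Fevil.example HTTP/1.1" 302 0 "//evil.example"
10.0.0.7 - - [12/Jul/2024:10:17:00 +0000] "GET /3dswym/home HTTP/1.1" 200 5120 "-"
"""


def target_host(url: str):
    """Host a browser would land on for a redirect target; None for same-site relative paths."""
    return urlparse(url.replace("\\", "/")).hostname  # browsers treat "\" as "/"


def offsite_params(path: str, allowed_hosts: set[str]):
    """Query parameters of the request whose decoded value points at a non-allowlisted host."""
    hits = []
    for name, values in parse_qs(urlsplit(path).query).items():
        for value in values:
            host = target_host(value)
            if host and host not in allowed_hosts:
                hits.append((name, host))
    return hits


def find_offsite_redirects(lines, allowed_hosts: set[str]):
    """Return one finding per 3xx response whose Location leaves the allowlisted hosts."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable or differently formatted line
        if int(m["status"]) not in REDIRECT_STATUSES or m["location"] in ("", "-"):
            continue
        host = target_host(m["location"])
        if host is None or host in allowed_hosts:
            continue  # relative or same-site redirect: expected behaviour
        findings.append({
            "client": m["client"], "time": m["time"], "path": m["path"],
            "location": m["location"], "host": host,
            "params": offsite_params(m["path"], allowed_hosts),
        })
    return findings


def repeat_offenders(findings, threshold: int = 2):
    """Client addresses with at least `threshold` off-site redirects."""
    counts = {}
    for f in findings:
        counts[f["client"]] = counts.get(f["client"], 0) + 1
    return sorted(c for c, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    allowed = {"3dx.corp.example"}  # placeholder allowlist of legitimate portal hosts
    hits = find_offsite_redirects(SAMPLE_LOG.splitlines(), allowed)
    for h in hits:
        print(f"{h['time']} {h['client']} -> {h['host']} via {h['params']}")
    print("repeat sources:", repeat_offenders(hits))
```

The Location-header check is the reliable signal: it reflects what the server actually sent, regardless of how the target was encoded in the request. The parameter decoding is secondary context that tells the responder which parameter was abused, and it naturally covers the `redirect`/`return` style names the SIEM query above looks for without hard-coding them.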