CVE-2024-8004
📋 TL;DR
A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts that execute in users' browsers when viewing affected content. This affects all users of 3DEXPERIENCE R2022x through R2024x releases. Attackers could steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- ENOVIA Collaborative Industry Innovator
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover, data theft, privilege escalation, and lateral movement within the application by stealing administrator credentials or session tokens.
Likely Case
Session hijacking, credential theft, defacement of application content, and unauthorized actions performed in the context of authenticated users.
If Mitigated
Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.
🎯 Exploit Status
Stored XSS typically requires authentication to inject payloads, but execution affects all users viewing the malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific patched versions
Vendor Advisory: https://www.3ds.com/vulnerability/advisories
Restart Required: Yes
Instructions:
1. Review the Dassault Systèmes security advisory
2. Apply the recommended patch or upgrade to a fixed version
3. Restart the ENOVIA application services
4. Verify the fix by testing XSS payloads
🔧 Temporary Workarounds
Implement Content Security Policy
Add CSP headers to restrict script execution sources
Add 'Content-Security-Policy' header with appropriate directives
Input Validation Filtering
Implement server-side validation to sanitize user input
Configure input validation rules for all user-controllable fields
🧯 If You Can't Patch
- Deploy a Web Application Firewall (WAF) with XSS protection rules
- Disable user-contributed content features if not essential
🔍 How to Verify
Check if Vulnerable:
Test by attempting to inject XSS payloads into user-controllable fields and checking if they execute
Check Version:
Check application version through admin interface or configuration files
Verify Fix Applied:
Retest XSS payloads after patching to confirm they are properly sanitized
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in user input logs
- Multiple failed XSS attempts from the same source
Network Indicators:
- HTTP requests containing suspicious script patterns
- Unexpected external script loads
SIEM Query:
Search for patterns like '<script>', 'javascript:', or encoded XSS payloads in web logs
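The log search described above, as an added example (not vendor or ENOVIA code): it decodes nested URL and HTML-entity encoding before matching the patterns named in the SIEM guidance, then reports sources with repeated hits. The Combined Log Format, the request paths, and the repeat threshold of 2 are assumptions.

```python
import re
from collections import Counter
from html import unescape
from urllib.parse import unquote_plus

# Patterns named in the SIEM guidance: script tags and javascript: URIs.
XSS_PATTERNS = re.compile(r"<\s*script\b|javascript\s*:", re.IGNORECASE)

# Assumed format (Combined Log Format): ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize(value, max_rounds=3):
    """Undo nested URL and HTML-entity encoding so encoded payloads still match."""
    for _ in range(max_rounds):
        decoded = unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines, threshold=2):
    """Return (hits, repeat_sources): flagged requests and IPs at or above threshold."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        target = normalize(m["target"])
        if XSS_PATTERNS.search(target):
            hits.append((m["ip"], m["status"], target))
            per_ip[m["ip"]] += 1
    repeat = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return hits, repeat

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - alice [10/Sep/2024:10:00:01 +0000] "GET /app/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - alice [10/Sep/2024:10:00:09 +0000] "GET /app/item?name=%253Cscript%253Ex HTTP/1.1" 403 120',
    '198.51.100.4 - bob [10/Sep/2024:10:01:00 +0000] "GET /app/view?url=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 300',
    '198.51.100.9 - carol [10/Sep/2024:10:02:00 +0000] "GET /app/docs?title=javascript+tutorial HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    hits, repeat = scan(SAMPLE_LOG)
    for ip, status, target in hits:
        print(ip, status, target)
    print("repeat sources:", repeat)
```

Stored XSS payloads are usually submitted in POST bodies, which access logs do not record; the same normalize-then-match logic applies to application or WAF logs that capture field values.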