CVE-2025-10552
Multiple Products
A high-severity vulnerability has been identified in multiple products, specifically within the 3DSwym component of the 3DEXPERIENCE platform.
Executive summary
A high-severity vulnerability has been identified in multiple products, specifically within the 3DSwym component of the 3DEXPERIENCE platform. This flaw allows an attacker to inject malicious code that is stored on the server and later executed in the browsers of unsuspecting users, potentially leading to account takeover, data theft, and other malicious actions within the victim's session.
Vulnerability
This is a stored Cross-site Scripting (XSS) vulnerability. An authenticated attacker can inject malicious client-side script (e.g., JavaScript) into a data field within the 3DSwym application that is saved to the backend database. When another user accesses the page or feature containing this stored malicious data, the script is rendered and executed within the context of their browser, granting the attacker the same permissions as the victim user. This can be used to steal session cookies, capture credentials, perform actions on behalf of the user, or deface the web application.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.7. Successful exploitation could lead to significant business consequences, including the compromise of user accounts and the theft of sensitive data stored within the 3DEXPERIENCE platform, such as intellectual property, design data, or project information. An attacker could impersonate a legitimate user to manipulate data, disrupt collaborative workflows, or escalate their privileges within the environment, leading to reputational damage and potential financial loss.
Remediation
Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected systems. Concurrently, security and system administration teams should begin monitoring for any indicators of compromise and review application and access logs for suspicious activity preceding the patch deployment.
Proactive Monitoring: Monitor application logs for unusual or malformed inputs, specifically looking for HTML/JavaScript tags (e.g., <script>, <img>, onerror) in user-generated content fields. Network monitoring should be configured to detect and alert on unexpected outbound connections from client browsers interacting with the platform, which could indicate data exfiltration attempts.
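The log review described above, as an added example that is not part of the advisory or the vendor's tooling: it scans JSON application events for markup in user-generated fields, decoding URL and HTML entity encoding first so an encoded payload is not missed. The field names and the sample events are assumptions constructed for the example; the advisory does not name the vulnerable field.

```python
import html
import json
import re
from urllib.parse import unquote

# Markers from the advisory's monitoring guidance: script/img-style tags and on*= event handlers.
SUSPICIOUS = re.compile(r"<\s*(script|img|svg|iframe)\b|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)

# Assumed names for fields a 3DSwym-style collaboration app persists from users.
USER_CONTENT_FIELDS = ("title", "body", "comment")

def normalize(value: str) -> str:
    """Undo URL and HTML entity encoding (a few layers) so encoded payloads are still caught."""
    decoded = value
    for _ in range(3):
        step = html.unescape(unquote(decoded))
        if step == decoded:
            break
        decoded = step
    return decoded

def flag_suspicious(log_lines):
    """Return (line_no, field, decoded_value) for each user field that looks like active markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON event: skip rather than abort the whole review
        for field in USER_CONTENT_FIELDS:
            value = event.get(field)
            if isinstance(value, str):
                decoded = normalize(value)
                if SUSPICIOUS.search(decoded):
                    hits.append((n, field, decoded))
    return hits

# Constructed sample events; these are not real 3DEXPERIENCE log output.
SAMPLE_LOG = [
    '{"user":"alice","action":"post.create","title":"Q3 design review","body":"Slides attached"}',
    '{"user":"bob","action":"comment.create","comment":"<img src=x onerror=alert(1)>"}',
    '{"user":"carol","action":"post.create","title":"Notes","body":"%3Cscript%3Ealert(1)%3C/script%3E"}',
    '{"user":"dave","action":"comment.create","comment":"&lt;svg onload=alert(1)&gt;"}',
    '{"user":"erin","action":"comment.create","comment":"use <b>bold</b> sparingly"}',
]

if __name__ == "__main__":
    for line_no, field, value in flag_suspicious(SAMPLE_LOG):
        print(f"line {line_no}: {field}={value!r}")
```

Benign formatting such as the `<b>` tag in the last event is not flagged; tune `SUSPICIOUS` and `USER_CONTENT_FIELDS` to the fields your deployment actually stores.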
Compensating Controls: If patching cannot be performed immediately, deploy a Web Application Firewall (WAF) with up-to-date XSS detection rules to filter malicious input. Implementing a strict Content Security Policy (CSP) can also serve as a strong mitigating control by preventing the browser from executing unauthorized scripts.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score of 8.7, this vulnerability poses a significant risk to the organization. Although it is not currently listed in the CISA KEV (Known Exploited Vulnerabilities) catalog, its severity makes it a prime target for future exploitation. We strongly recommend that the organization prioritize the immediate application of the vendor-supplied security patches to all affected 3DEXPERIENCE instances to prevent potential compromise of sensitive corporate data and user accounts.