CVE-2024-12089

Summary

CVE-2024-12089 is a stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x. An attacker can exploit this flaw to inject and execute arbitrary script code in a user's browser session. This vulnerability poses a significant risk as it can lead to data theft, unauthorized access to user accounts, and other malicious activities. Users are strongly advised to upgrade to the latest software version as soon as possible to mitigate this risk. The vulnerability allows attackers to gain control over a user's browser session, potentially leading to data theft, unauthorized access, and other malicious activities. ENOVIA Collaborative Industry Innovator users on affected releases should upgrade to the latest version to address this stored XSS vulnerability identified as CVE-2024-12089.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.