CVE-2024-12091

Summary

CVE-2024-12091 is a recently disclosed vulnerability affecting ENOVIA Collaborative Industry Innovator, a product of Dassault Systèmes, from releases R2022x through R2024x. This issue constitutes a stored Cross-site Scripting (XSS) vulnerability, which enables an attacker to inject malicious scripts into a web application's storage. Upon exploitation, these scripts are executed in the user's browser session, potentially allowing the attacker to access sensitive information, modify data, or even take control of the user's account. By leveraging this flaw, an attacker could launch targeted attacks on unsuspecting users, posing a significant threat to data security and privacy. It is essential for affected users to apply the necessary patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.