PT-2021-23106 · Unknown · Survey Solutions

Vavalomi · Published 2021-10-04 · Updated 2022-08-12 · CVE-2021-41123

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Survey Solutions versions prior to 21.09.1

Description

The issue concerns the Headquarters application of Survey Solutions, a survey management and data collection system. In affected versions, the /metrics endpoint is published and available to any user. This endpoint exposes aggregate counters, including the count of interviews or assignments, but does not expose survey answers.

Recommendations

For versions prior to 21.09.1, consider disabling the /metrics endpoint to prevent unauthorized access to aggregate counters until a version with the endpoint turned off by default can be deployed.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-41123
GHSA-6C7J-7JF3-9P3J

Affected Products

Survey Solutions