PT-2023-1688 · Unknown · IGSS Data Server +2

Published: 2023-03-14 · Updated: 2023-03-24 · CVE-2023-27980

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IGSS Data Server versions 16.0.0.23040 and prior
IGSS Dashboard versions 16.0.0.23040 and prior
Custom Reports versions 16.0.0.23040 and prior

Description

A Missing Authentication for Critical Function issue exists in the Data Server TCP interface, allowing the creation of a malicious report file in the IGSS project report directory. This could lead to remote code execution when a victim opens the report. The vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations

For IGSS Data Server versions 16.0.0.23040 and prior, consider disabling the Data Server TCP interface until a patch is available.
For IGSS Dashboard versions 16.0.0.23040 and prior, restrict access to the report directory to minimize the risk of exploitation.
For Custom Reports versions 16.0.0.23040 and prior, avoid using the vulnerable function until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Related Identifiers

BDU:2023-01259
CVE-2023-27980
ZDI-23-339

Affected Products

Custom Reports
IGSS Dashboard
IGSS Data Server