PT-2023-1855 · Unknown · Igss Data Server+2

Published: 2023-03-14 · Updated: 2023-03-24 · CVE-2023-27981

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

IGSS Data Server versions 16.0.0.23040 and prior
IGSS Dashboard versions 16.0.0.23040 and prior
Custom Reports versions 16.0.0.23040 and prior
Description

A path traversal vulnerability (improper limitation of a pathname to a restricted directory) exists in Custom Reports. The getRMSreportFile function of the IGSS Data Server, and the Custom Reports and IGSS Dashboard tools that use it, build a file path from report data without confining it to the intended report directory. An attacker who gets a victim to open a specially crafted report file can use this to execute arbitrary code; exploitation therefore requires user interaction (UI:R in the vector), but no privileges or authentication on the target.
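To make the weakness class concrete, the following is an added illustrative example and not code from IGSS, Schneider Electric or the advisory: the internals of getRMSreportFile are not published here. It shows the CWE-22 pattern the description names (a caller-controlled report name joined onto a base directory with no containment check) next to a hardened resolver that confines the lookup and also survives a symlink planted inside the reports directory. The function names, the directory layout, the `.xml` suffix allow-list and all file names are hypothetical and constructed for the demo.

```python
import os
import tempfile
from pathlib import Path


class ReportPathError(ValueError):
    """Raised when a requested report name would be served from outside the reports directory."""


def get_report_file_unsafe(reports_dir: str, name: str) -> str:
    """Vulnerable pattern (CWE-22), hypothetical stand-in for a report lookup.

    The caller-supplied report name is joined onto the base directory and
    normalised, but the result is never checked to still lie inside it, so
    '../secret' or a symlink planted in the reports directory escapes.
    """
    return os.path.normpath(os.path.join(reports_dir, name))


def get_report_file_safe(reports_dir: str, name: str,
                         allowed_suffixes=(".xml",)) -> Path:
    """Hardened resolver: confine the lookup to reports_dir.

    allowed_suffixes is a hypothetical allow-list; the real report format
    is not stated in the advisory.
    """
    base = Path(reports_dir).resolve(strict=True)
    # 1. Lexical checks on the bare name: a report name is a single path
    #    component, so any separator (both flavours, since the advisory names
    #    a Windows DLL but the check should hold on any platform), a NUL byte
    #    or a dot-only name is rejected before touching the filesystem.
    if (not name or name in (".", "..")
            or "/" in name or "\\" in name or "\x00" in name):
        raise ReportPathError(f"rejected report name {name!r}")
    # 2. Resolve (follows symlinks) and require the result to be a direct
    #    child of the resolved base.  Comparing resolved paths, not string
    #    prefixes, is what defeats a symlink inside the directory.
    candidate = (base / name).resolve()
    if candidate.parent != base:
        raise ReportPathError(f"{name!r} resolves outside {base}")
    # 3. Only serve files that look like reports and actually exist.
    if candidate.suffix.lower() not in allowed_suffixes:
        raise ReportPathError(f"{name!r} is not a report file")
    if not candidate.is_file():
        raise ReportPathError(f"{name!r} does not exist")
    return candidate


def demo() -> dict:
    """Exercise both resolvers on a constructed directory layout.

    Returns {request: (unsafe_escapes, safe_accepts)} where unsafe_escapes
    is True when the vulnerable resolver would open a file outside the
    reports directory.  All files and request names here are constructed.
    """
    root = Path(tempfile.mkdtemp()).resolve()
    reports = root / "reports"
    reports.mkdir()
    (reports / "monthly.xml").write_text("<report/>")
    (root / "secret.txt").write_text("outside the reports directory")

    requests = ["monthly.xml", "../secret.txt", "../reports/monthly.xml"]
    # A symlink planted inside reports/ that points outside it: a string
    # prefix check sees 'reports/link.xml' and would let it through.
    try:
        (reports / "link.xml").symlink_to(root / "secret.txt")
        requests.append("link.xml")
    except OSError:
        pass  # symlink creation may need privileges on Windows; skip that case

    results = {}
    for req in requests:
        unsafe = Path(get_report_file_unsafe(str(reports), req)).resolve()
        unsafe_escapes = unsafe.parent != reports
        try:
            get_report_file_safe(str(reports), req)
            safe_accepts = True
        except ReportPathError:
            safe_accepts = False
        results[req] = (unsafe_escapes, safe_accepts)
    return results


if __name__ == "__main__":
    for req, (escapes, accepted) in demo().items():
        print(f"{req:28} unsafe escapes={escapes!s:5} safe accepts={accepted}")
```

The safe resolver deliberately rejects `../reports/monthly.xml` even though it normalises back inside the directory: a report name is a single component, and refusing separators up front is simpler and easier to audit than reasoning about which traversal sequences happen to be harmless.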
Recommendations

For IGSS Data Server versions 16.0.0.23040 and prior, consider disabling the getRMSreportFile function until a patch is available.
For IGSS Dashboard versions 16.0.0.23040 and prior, restrict access to the Custom Reports feature to minimize the risk of exploitation.
For Custom Reports versions 16.0.0.23040 and prior, avoid using the RMS16.dll module until the issue is resolved.
Since the vulnerability requires a victim to open a crafted report, also treat report files from untrusted sources the same way as any other untrusted executable content.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2023-01454
CVE-2023-27981
ZDI-23-338

Affected Products

Custom Reports
Igss Dashboard
Igss Data Server