PT-2023-1870 · Unknown · IGSS Data Server +2

Published 2023-03-14 · Updated 2023-05-24 · CVE-2023-27979

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

IGSS Data Server versions V16.0.0.23040 and prior
IGSS Dashboard versions V16.0.0.23040 and prior
Custom Reports versions V16.0.0.23040 and prior

Description

The issue is related to insufficient verification of data authenticity, which could allow a remote attacker to cause a denial of service by sending specially crafted messages to the Data Server TCP port. This vulnerability may enable the renaming of files in the IGSS project report directory.

Recommendations

For IGSS Data Server version V16.0.0.23040 and prior, consider disabling the IGSSdataServer.exe service until a patch is available to prevent exploitation.
For IGSS Dashboard version V16.0.0.23040 and prior, restrict access to the DashBoard.exe executable to minimize the risk of exploitation.
For Custom Reports version V16.0.0.23040 and prior, avoid using the RMS16.dll module until the issue is resolved.
As a temporary workaround, consider blocking specific crafted messages to the Data Server TCP port to prevent denial of service.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2023-01470
CVE-2023-27979
ZDI-23-336

Affected Products

Custom Reports
IGSS Dashboard
IGSS Data Server