PT-2023-1871 · Unknown · IGSS Data Server +2
Published: 2023-03-14 · Updated: 2023-03-24
CVE-2023-27984
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IGSS Data Server versions 16.0.0.23040 and prior
IGSS Dashboard versions 16.0.0.23040 and prior
Custom Reports versions 16.0.0.23040 and prior
Description
The issue is caused by insufficient input validation in the Custom Reports component, and it affects IGSS Data Server and the monitoring tools Custom Reports and IGSS Dashboard. This could allow an attacker to execute arbitrary code using a specially crafted file, potentially leading to remote code execution when a user opens a malicious report file.
Recommendations
For IGSS Data Server versions 16.0.0.23040 and prior, update to a version that includes the fix for this issue.
For IGSS Dashboard versions 16.0.0.23040 and prior, update to a version that includes the fix for this issue.
For Custom Reports versions 16.0.0.23040 and prior, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of the Custom Reports component until a patch is available.
Fix
RCE
Affected Products
Custom Reports
IGSS Dashboard
IGSS Data Server