PT-2023-1872 · Unknown · Igss Data Server+2

Published: 2023-03-14 · Updated: 2023-05-15 · CVE-2023-27977

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

IGSS Data Server versions V16.0.0.23040 and prior
IGSS Dashboard versions V16.0.0.23040 and prior
Custom Reports versions V16.0.0.23040 and prior

Description

The issue is related to insufficient verification of data authenticity, which could allow a remote attacker to delete files in the report directory by sending specially crafted messages to the Data Server TCP port. This could lead to loss of data.

Recommendations

For IGSS Data Server versions V16.0.0.23040 and prior, update to a version later than V16.0.0.23040 to resolve the issue.
For IGSS Dashboard versions V16.0.0.23040 and prior, update to a version later than V16.0.0.23040 to resolve the issue.
For Custom Reports versions V16.0.0.23040 and prior, update to a version later than V16.0.0.23040 to resolve the issue.
As a temporary workaround, consider restricting access to the Data Server TCP port to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2023-01473
CVE-2023-27977
ZDI-23-335

Affected Products

Custom Reports
Igss Dashboard
Igss Data Server