PT-2023-1873 · Unknown · Igss Data Server+2

Published 2023-03-14 · Updated 2023-03-24 · CVE-2023-27978

CVSS v3.1

7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IGSS Data Server versions 16.0.0.23040 and prior
IGSS Dashboard versions 16.0.0.23040 and prior
Custom Reports versions 16.0.0.23040 and prior

Description

A Deserialization of Untrusted Data issue exists in the Dashboard module, potentially leading to remote code execution when an attacker gets the user to open a malicious file. This could cause malicious payload data to be interpreted. The vulnerability is related to the deserialization of untrusted data, which may allow an attacker to execute arbitrary code in the target system using a specially crafted file.

Recommendations

For IGSS Data Server versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue.
For IGSS Dashboard versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue.
For Custom Reports versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue.
As a temporary workaround, consider restricting access to the Dashboard module and avoiding the use of untrusted files until a patch is available.

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

BDU:2023-01474
CVE-2023-27978
ZDI-23-334

Affected Products

Custom Reports
Igss Dashboard
Igss Data Server