PT-2023-1874 · Unknown · Igss Data Server+2
Published: 2023-03-14 · Updated: 2023-03-28
CVE-2023-27983
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
IGSS Data Server versions V16.0.0.23040 and prior
IGSS Dashboard versions V16.0.0.23040 and prior
Custom Reports versions V16.0.0.23040 and prior
Description
The Data Server TCP interface does not require authentication for a critical function. A remote attacker could use this to delete arbitrary data, specifically reports from the IGSS project report directory, leading to data loss.
Recommendations
For IGSS Data Server versions V16.0.0.23040 and prior, update to a version that includes authentication for critical functions.
For IGSS Dashboard versions V16.0.0.23040 and prior, update to a version that includes authentication for critical functions.
For Custom Reports versions V16.0.0.23040 and prior, update to a version that includes authentication for critical functions.
As a temporary workaround, consider restricting access to the Data Server TCP interface until a patch is available.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Custom Reports
Igss Dashboard
Igss Data Server