CVE-2023-27982

Name of the Vulnerable Software and Affected Versions IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior

Description A vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory. When an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. The issue is related to insufficient verification of data authenticity.

Recommendations For IGSS Data Server versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue. For IGSS Dashboard versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue. For Custom Reports versions 16.0.0.23040 and prior, update to a version later than 16.0.0.23040 to resolve the issue. As a temporary workaround, consider restricting access to the TCP port 12401 to minimize the risk of exploitation.