PT-2023-2447 · Unknown · Novi Survey
Published: 2023-04-07 · Updated: 2026-03-16 · CVE-2023-29492
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Novi Survey versions prior to 8.9.43676
Description
The issue is related to insecure deserialization, allowing remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. The vulnerability has been exploited in the wild.
Recommendations
For versions prior to 8.9.43676, update to version 8.9.43676 or later to resolve the issue. As a temporary workaround, consider restricting access to the service account to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Code Injection
Related Identifiers
Affected Products
Novi Survey