Lucene search

AttackerKBAKB:60F8BB5A-A55A-4754-8819-D9AE01FDB421

HistoryApr 11, 2023 - 12:00 a.m.

CVE-2023-29492

2023-04-1100:00:00

attackerkb.com

novi survey

remote code execution

service account

data access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.029 Low

EPSS

Percentile

90.9%

JSON

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29492

novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.029 Low

EPSS

Percentile

90.9%

JSON

Related for AKB:60F8BB5A-A55A-4754-8819-D9AE01FDB421