CVE-2023-27981

2023-03-2110:15:17

CWE-22

[email protected]

web.nvd.nist.gov

cwe-22

improper limitation of a pathname

restricted directory

remote code execution

igss data server

igss dashboard

custom reports

rms16.dll

v16.0.0.23040

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.4%

JSON

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).