CVE-2023-29492

CRITICALCISA KEV

9.8

Beschreibung

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht4/11/2023

Zuletzt geandert10/27/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerNovi Survey

ProduktNovi Survey

SchwachstellennameNovi Survey Insecure Deserialization Vulnerability

KEV Aufnahmedatum2023-04-13

Behebungsfrist2023-05-04

Ransomware-NutzungUnknown

Betroffene Produkte

3rdmill:novi_survey

Schwachen (CWE)

CWE-94CWE-94

Referenzen

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx(cve@mitre.org)

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.