CVE-2023-29492

critical

Description

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx

Details

Source: Mitre, NVD

Published: 2023-04-11

Updated: 2024-09-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical