Headline
CVE-2023-29492: Novi Survey security advisory, Apr 2023
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
Audience: Current and prior users of the Novi Survey installable software.
Product affected: installable version of Novi Survey
Version affected: all versions less than 8.9.43676
Reference: CVE-2023-29492
Description:
A vulnerability allows remote attackers to execute arbitrary code on the server in the context of the service account on affected installations of Novi Survey.
The vulnerability does not provide access to survey or response data stored within the system.
Mitigation:
Upgrade the installation to version 8.9.43676 or greater. There is no workaround available for versions less than 8.9.43676.
Related news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below:
CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability
CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability