CVE-2023-29492
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 07, 2023
- Published Date
- April 11, 2023
- Last Updated
- January 27, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
Exploit Status
- Exploited in the Wild
- Yes (added 2023-04-13 00:00:00 UTC) Source
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-04-13 00:00:00 UTC |