Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Novi Survey Insecure Deserialization Vulnerability

Known Exploited Vulnerabilities CVE-2023-29492 Mappings

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2023-29492	Novi Survey Insecure Deserialization Vulnerability	exploitation_technique	T1190	Exploit Public-Facing Application	Comments CVE-2023-29492 is an insecure deserialization vulnerability. Exploitation of this vulnerability gives remote attackers arbitrary code execution in the context of the service account. References https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx