Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-29492 | Novi Survey Insecure Deserialization Vulnerability | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2023-29492 is an insecure deserialization vulnerability. Exploitation of this vulnerability gives remote attackers arbitrary code execution in the context of the service account.
References
|