Overview
- Description
- Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Known exploits
Data from CISA
- Vulnerability name
- Novi Survey Insecure Deserialization Vulnerability
- Exploit added on
- Apr 13, 2023
- Exploit action due
- May 4, 2023
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:3rdmill:novi_survey:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1D0E9E5-7AEA-4606-95EF-1A5909DCCFD2",
"versionEndExcluding": "8.9.43676"
}
],
"operator": "OR"
}
]
}
]