A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).
History

Wed, 05 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: schneider

Published:

Updated: 2025-02-05T20:06:06.896Z

Reserved: 2023-03-09T00:00:00.000Z

Link: CVE-2023-27977

cve-icon Vulnrichment

Updated: 2024-08-02T12:23:30.804Z

cve-icon NVD

Status : Modified

Published: 2023-03-21T12:15:10.647

Modified: 2024-11-21T07:53:51.470

Link: CVE-2023-27977

cve-icon Redhat

No data.