CVE-2023-29492

unknown KEV

Published 2023-04-13 · Modified 2023-04-13

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.

CISA KEV

Vendor: Novi Survey
Product: Novi Survey
Due date: 2023-05-04

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx; https://nvd.nist.gov/vuln/detail/CVE-2023-29492

Exploits

References

https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx; https://nvd.nist.gov/vuln/detail/CVE-2023-29492

Verify integrity in audit chain (admin only). AS-IS.