{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-29492", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-10-21T23:05:49.479Z", "dateReserved": "2023-04-07T00:00:00.000Z", "datePublished": "2023-04-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-11T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.158Z"}, "title": "CVE Program Container", "references": [{"url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-29492", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-27T22:19:16.192249Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492"}}}], "affected": [{"cpes": ["cpe:2.3:a:novisurvey:novi_survey:*:*:*:*:*:*:*:*"], "vendor": "novisurvey", "product": "novi_survey", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.43676", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "timeline": [{"time": "2023-04-13T00:00:00.000Z", "lang": "en", "value": "CVE-2023-29492 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:05:49.479Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.158Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-29492", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-27T22:19:16.192249Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492"}}}], "affected": [{"cpes": ["cpe:2.3:a:novisurvey:novi_survey:*:*:*:*:*:*:*:*"], "vendor": "novisurvey", "product": "novi_survey", "versions": [{"status": "affected", "version": "0", "lessThan": "8.9.43676", "versionType": "custom"}], "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-04-13T00:00:00.000Z", "value": "CVE-2023-29492 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-13T17:23:57.565Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"}], "descriptions": [{"lang": "en", "value": "Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-04-11T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29492", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:05:49.479Z", "dateReserved": "2023-04-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-04-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-05-04", "cisaExploitAdd": "2023-04-13", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Novi Survey Insecure Deserialization Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:3rdmill:novi_survey:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1D0E9E5-7AEA-4606-95EF-1A5909DCCFD2", "versionEndExcluding": "8.9.43676", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data."}], "id": "CVE-2023-29492", "lastModified": "2025-10-27T14:56:50.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-04-11T05:15:07.393", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29492"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}