CVE-2023-27977

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Related Vulnerabilities

CVE-2015-9232

MEDIUM
CVSS:5.3(Medium)

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not...

CWE-3452015

CVE-2017-10862

MEDIUM
CVSS:5.3(Medium)

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.

CWE-3452017

CVE-2018-17938

MEDIUM
CVSS:5.3(Medium)

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.

CWE-3452018

CVE-2019-11737

MEDIUM
CVSS:5.3(Medium)

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly a...

CWE-3452019

CVE-2019-12620

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is ...

CWE-3452019

CVE-2019-15162

MEDIUM
CVSS:5.3(Medium)

rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

CWE-3452019