CVE-2021-27852 — Checkbox Survey Deserialization of Untrusted Data Vulnerability
2022-04-11 • CISA Known Exploited Vulnerability
[event] Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Checkbox |
| Product | Checkbox Survey |
| CWE | CWE-502 |
| CVE ID | CVE-2021-27852 |
| Date Added | 2022-04-11 |
| Due Date | 2022-05-02 |
| Ransomware Campaign | Unknown |
> MITIGATION
Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.
Due Date: 2022-05-02