CVE-2023-38404

Published: Jul 17, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

Affected (1)

Products: Veritas: Infoscale Operations Manager

1 product

Infoscale Operations Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Veritas Infoscale Operations Manager	From 7.0.0 to 8.0.0.410

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.veritas.com/content/support/en_US/security/VTS23-009

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS23-009

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.