CVE-2023-32569

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type Values Removed Values Added
References () https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory () https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.2

14 Jul 2023, 19:15

Type Values Removed Values Added
Summary An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.

16 May 2023, 20:13

Type Values Removed Values Added
CPE cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
CWE CWE-89
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-007 - (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory

10 May 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-10 05:15

Updated : 2024-11-21 08:03


NVD link : CVE-2023-32569

Mitre link : CVE-2023-32569

CVE.ORG link : CVE-2023-32569


JSON object : View

Products Affected

veritas

  • infoscale_operations_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')