An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
References
Link | Resource |
---|---|
https://www.veritas.com/content/support/en_US/security/VTS23-007 | Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS23-007 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
14 Jul 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. |
16 May 2023, 20:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:* | |
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory |
10 May 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-10 05:15
Updated : 2024-11-21 08:03
NVD link : CVE-2023-32569
Mitre link : CVE-2023-32569
CVE.ORG link : CVE-2023-32569
JSON object : View
Products Affected
veritas
- infoscale_operations_manager
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')