The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
References
Link | Resource |
---|---|
https://www.veritas.com/content/support/en_US/security/VTS23-009 | Vendor Advisory |
https://www.veritas.com/content/support/en_US/security/VTS23-009 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:13
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://www.veritas.com/content/support/en_US/security/VTS23-009 - Vendor Advisory |
27 Jul 2023, 23:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-009 - Vendor Advisory | |
CPE | cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:* | |
CWE | CWE-434 |
17 Jul 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-17 21:15
Updated : 2024-11-21 08:13
NVD link : CVE-2023-38404
Mitre link : CVE-2023-38404
CVE.ORG link : CVE-2023-38404
JSON object : View
Products Affected
veritas
- infoscale_operations_manager
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type