CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
Configurations

Configuration 1 (hide)

cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.2
References () https://www.veritas.com/content/support/en_US/security/VTS23-009 - Vendor Advisory () https://www.veritas.com/content/support/en_US/security/VTS23-009 - Vendor Advisory

27 Jul 2023, 23:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-009 - (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-009 - Vendor Advisory
CPE cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
CWE CWE-434

17 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-17 21:15

Updated : 2024-11-21 08:13


NVD link : CVE-2023-38404

Mitre link : CVE-2023-38404

CVE.ORG link : CVE-2023-38404


JSON object : View

Products Affected

veritas

  • infoscale_operations_manager
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type