CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38404
https://notcve.org/view.php?id=CVE-2023-38404
17 Jul 2023 — The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. • https://www.veritas.com/content/support/en_US/security/VTS23-009 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32568
https://notcve.org/view.php?id=CVE-2023-32568
10 May 2023 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. • https://www.veritas.com/content/support/en_US/security/VTS23-007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32569
https://notcve.org/view.php?id=CVE-2023-32569
10 May 2023 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. • https://www.veritas.com/content/support/en_US/security/VTS23-007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26484
https://notcve.org/view.php?id=CVE-2022-26484
04 Mar 2022 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, config... • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26483
https://notcve.org/view.php?id=CVE-2022-26483
04 Mar 2022 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). Se ha detectado un problema en Veritas InfoScale Operations Manager (VIOM) versiones anteriores a 7.4.2 Parche 600 y 8.x versiones anteriores a... • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-36166
https://notcve.org/view.php?id=CVE-2020-36166
06 Jan 2021 — An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to