CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38404
https://notcve.org/view.php?id=CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. • https://www.veritas.com/content/support/en_US/security/VTS23-009 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32569
https://notcve.org/view.php?id=CVE-2023-32569
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. • https://www.veritas.com/content/support/en_US/security/VTS23-007 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32568
https://notcve.org/view.php?id=CVE-2023-32568
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. • https://www.veritas.com/content/support/en_US/security/VTS23-007 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26484
https://notcve.org/view.php?id=CVE-2022-26484
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. Se ha detectado un problema en Veritas InfoScale Operations Manager (VIOM) versiones anteriores a 7.4.2 Parche 600 y 8.x versiones anteriores a 8.0.0 Parche 100. El servidor web no sanea los datos de entrada de admin/cgi-bin/rulemgr.pl/getfile/, lo que permite a un administrador remoto autenticado leer archivos arbitrarios en el sistema por medio de un Salto de Directorio. • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26483
https://notcve.org/view.php?id=CVE-2022-26483
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). Se ha detectado un problema en Veritas InfoScale Operations Manager (VIOM) versiones anteriores a 7.4.2 Parche 600 y 8.x versiones anteriores a 8.0.0 Parche 100. Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el archivo admin/cgi-bin/listdir.pl permite a los administradores remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios en un parámetro GET de HTTP (que refleja la entrada del usuario sin saneo) • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •