CVE-2023-38404

EUVD-2023-42221
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
veritasinfoscale_operations_manager
7.0.0 ≤
𝑥
< 8.0.0.410
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.veritas.com/content/support/en_US/security/VTS23-009
https://www.veritas.com/content/support/en_US/security/VTS23-009