CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
veritasinfoscale_operations_manager
7.0.0 ≤
𝑥
< 8.0.0.410
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.veritas.com/content/support/en_US/security/VTS23-009
https://www.veritas.com/content/support/en_US/security/VTS23-009