CVE-2019-14418

HIGH

Veritas Resiliency Platform <3.4 HF1 - Path Traversal

Title source: llm
STIX 2.1

Description

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.

References (3)

Core 3
Core References
Broken Link, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jul/39

Scores

CVSS v3 8.8
EPSS 0.0412
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (10)
veritas/resiliency_platform 1.2
veritas/resiliency_platform 2.0
veritas/resiliency_platform 2.1
veritas/resiliency_platform 2.2 (2 CPE variants)
veritas/resiliency_platform 3.0
veritas/resiliency_platform 3.1
veritas/resiliency_platform 3.2
veritas/resiliency_platform 3.3
veritas/resiliency_platform 3.3.1
veritas/resiliency_platform 3.3.2
Published Jul 29, 2019
Tracked Since Feb 18, 2026