CVE-2022-26484

MEDIUM

Veritas Infoscale Operations Manager < 7.4.2.600 - Path Traversal

Title source: rule

Description

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-002

Scores

CVSS v3 4.9

EPSS 0.0026

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (2)

veritas/infoscale_operations_manager < 7.4.2.600

veritas/infoscale_operations_manager

Timeline

Published Mar 04, 2022

Tracked Since Feb 18, 2026