CVE-2023-32568
HIGHVeritas InfoScale Operations Manager < 7.4.2.800 and 8.x < 8.0.410 - Authenticated OS Command Injection
Title source: llmDescription
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.
References (1)
Core 1
Core References
Vendor Advisory
https://www.veritas.com/content/support/en_US/security/VTS23-007
Scores
CVSS v3
7.2
EPSS
0.0070
EPSS Percentile
48.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-78
Status
published
Products (1)
veritas/infoscale_operations_manager
< 7.4.2.800
Published
May 10, 2023
Tracked Since
Feb 18, 2026