CVE-2023-38404

HIGH

Veritas InfoScale Ops Mgr <8.0.0.410 - Command Injection

Title source: llm

Description

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

References (1)

[Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS23-009

Scores

CVSS v3 7.2

EPSS 0.0011

EPSS Percentile 30.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-434

Status published

Affected Products (1)

veritas/infoscale_operations_manager < 8.0.0.410

Timeline

Published Jul 17, 2023

Tracked Since Feb 18, 2026