CVE-2026-44925

HIGH

InfoScale Operations Manager 9.1.3 - Cross-Site Request Forgery

Title source: llm

Description

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.

References (2)

Core 2

Core References

https://www.veritas.com/support/en_US/doc/120571566-166757640-0/viom_tot_v118836641-166757640

https://supportinfoscale.cloud.com/support-home/kbsearch/article?articleNumber=1000766080&articleTitle=InfoScale_Operations_Manager_IOM_web_application_Security_Bulletin_for_CVE_2026_44923_CVE_2026_44924_and_CVE_2026_44925

Scores

CVSS v3 8.8

EPSS 0.0020

EPSS Percentile 9.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-352

Status published

Products (1)

veritas/infoscale_operations_manager < 9.1.3

Published May 20, 2026

Tracked Since May 20, 2026