CVE-2023-38404 — HIGH (7.2)

Q: How severe is CVE-2023-38404?

CVE-2023-38404 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-38404?

Check the references section above for vendor advisories and patch information. Affected products include: Veritas Infoscale Operations Manager.

Vulnerability Description

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Veritas	Infoscale Operations Manager	>= 7.0.0, < 8.0.0.410

Related Weaknesses (CWE)

CWE-434

References

https://www.veritas.com/content/support/en_US/security/VTS23-009Vendor Advisory
https://www.veritas.com/content/support/en_US/security/VTS23-009Vendor Advisory

FAQ

What is CVE-2023-38404?

CVE-2023-38404 is a vulnerability with a CVSS score of 7.2 (HIGH). The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can th...

How severe is CVE-2023-38404?

CVE-2023-38404 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-38404?

Check the references section above for vendor advisories and patch information. Affected products include: Veritas Infoscale Operations Manager.