Vulnerability Details : CVE-2023-38404
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
Products affected by CVE-2023-38404
- cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-38404
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-38404
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
MITRE | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2023-38404
-
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-38404
-
https://www.veritas.com/content/support/en_US/security/VTS23-009
Veritas InfoScale Operations Manager (VIOM) Command Execution via Insecure File Upload Security AdvisoryVendor Advisory
Jump to