CVE-2023-32568

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.

Published: May 10, 2023
Updated: May 17, 2023
CVE: CVE-2023-32568
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
veritas / infoscale_operations_manager	8.0.0	8.0.410
veritas / infoscale_operations_manager	-	7.4.2.800

https://www.veritas.com/content/support/en_US/security/VTS23-007

Vulnerability Database

290,206

CVE-2023-32568