The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server..This CVE has a CVSS3.1 score of 7.2 and a Base Severity of HIGH.
| Info | Details |
|---|---|
| CVE ID | CVE-2023-38404 |
| CVE State | PUBLISHED |
| BaseScore | 7.2 |
| BaseSeverity | HIGH |
| VectorString | CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:N |
| Version | NA |
References for CVE-2023-38404 :
https://www.veritas.com/content/support/en_US/security/VTS23-009
| Metric Type | Metric Score |
|---|---|
| AttackVector(AV) | NETWORK |
| AttackComplexity(AC) | LOW |
| PrivilegesRequired(PR) | HIGH |
| UserInteraction(UI) | NONE |
| Scope(S) | UNCHANGED |
| Confidentiality(C) | HIGH |
| Availability(A) | HIGH |
| Integrity(I) | HIGH |