CVE-2023-32569

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32569
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.veritas.com/content/support/en_US/security/VTS23-007 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
History

14 Jul 2023, 19:15

Type Values Removed Values Added
Summary An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.

16 May 2023, 20:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-89
CPE cpe:2.3:a:veritas:infoscale_operations_manager:*:*:*:*:*:*:*:*
First Time Veritas infoscale Operations Manager
Veritas
References (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-007 - (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-007 - Vendor Advisory

10 May 2023, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-10 05:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-32569

Mitre link : CVE-2023-32569

CVE.ORG link : CVE-2023-32569

JSON object : View

Products Affected

veritas

  • infoscale_operations_manager
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')