Persistent Cross-Site Scripting Vulnerability in Veritas Resiliency Platform
CVE-2019-14415

5.9MEDIUM

Key Information:

Vendor
Veritas
Status
Resiliency Platform
Vendor
CVE Published:
29 July 2019

Summary

A persistent cross-site scripting vulnerability exists in the Veritas Resiliency Platform prior to version 3.4 HF1. This vulnerability enables an attacker with access to a resiliency plan to inject harmful scripts into another user's browser session. For a victim to be exploited, they must access a resiliency plan compromised by the attacker, potentially leading to significant security breaches.

References

https://www.veritas.com/content/support/en_US/security/VT...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jul/39
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/153842/Veritas-Resil...
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.