Directory Traversal Vulnerability in Veritas Resiliency Platform
CVE-2019-14418

9.1CRITICAL

Key Information:

Vendor
Veritas
Status
Resiliency Platform
Vendor
CVE Published:
29 July 2019

Summary

A directory traversal vulnerability has been identified in Veritas Resiliency Platform (VRP) versions prior to 3.4 HF1. This flaw enables an authenticated user with sufficient privileges to upload an application bundle, which could be exploited to overwrite any file within the VRP virtual machine. Such an attack could allow a malicious user to replace critical existing files, potentially granting them control over the VRP environment. It is crucial for users of affected versions to apply necessary patches to mitigate this risk.

References

https://www.veritas.com/content/support/en_US/security/VT...
x_refsource_MISC
http://seclists.org/fulldisclosure/2019/Jul/39
mailing-listx_refsource_FULLDISC
http://packetstormsecurity.com/files/153842/Veritas-Resil...
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-14418 : Directory Traversal Vulnerability in Veritas Resiliency Platform | SecurityVulnerability.io