Directory Traversal Vulnerability in Veritas InfoScale Operations Manager
CVE-2022-26484

4.9MEDIUM

Key Information:

Vendor: Veritas
Status: Infoscale Operations Manager
Vendor: CVE Published:; 4 March 2022

Summary

A vulnerability exists in Veritas InfoScale Operations Manager that permits a remote authenticated administrator to exploit a failure in input sanitization within the web server. By manipulating the resource name in GET requests, an attacker can gain access to arbitrary files on the system. This flaw may expose sensitive application source code, configuration files, and critical system files, potentially leading to significant data breaches and unauthorized access to system resources. For detailed insights and mitigative measures, refer to the official Veritas security advisory.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2022
Vulnerability Reserved
Mar 4, 2022