SQL Injection Vulnerability in Veritas InfoScale Operations Manager Web Application
CVE-2023-32569

9.8CRITICAL

Key Information:

Vendor: Veritas
Status: Infoscale Operations Manager
Vendor: CVE Published:; 10 May 2023

Summary

The InfoScale Operations Manager web application developed by Veritas is susceptible to an SQL injection flaw, which can be exploited by authenticated admin users. This vulnerability enables attackers to execute arbitrary SQL commands on the backend database. Consequently, sensitive data can be compromised, manipulated, or deleted, affecting data integrity and security. It is crucial for organizations using affected versions to apply security updates to mitigate this risk.

References

https://www.veritas.com/content/support/en_US/security/VT...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
May 10, 2023