Arbitrary File Upload Vulnerability in Veritas eDiscovery Platform
CVE-2024-27283

7.2HIGH

Key Information:

Vendor: Veritas
Status: Ediscovery Platform
Vendor: CVE Published:; 22 February 2024

Summary

A significant security flaw was identified in Veritas eDiscovery Platform prior to version 10.2.5, which permits application administrators to upload files to arbitrary locations on the server. This vulnerability could enable malicious actors to exploit the system by uploading harmful files, potentially compromising server integrity and leading to unauthorized access or further exploitation. Organizations using this platform are advised to update to the latest version and review security protocols to mitigate risks associated with this type of vulnerability.

References

https://www.veritas.com/support/en_US/security/VTS23-020

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 22, 2024
Vulnerability Reserved
Feb 22, 2024