Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26484

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.

Published

2022-03-04T19:15:09.107

Last Modified

2024-11-21T06:54:02.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

6.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	veritas	infoscale_operations_manager	< 7.4.2.600	Yes
Application	veritas	infoscale_operations_manager	8.0.0	Yes

References

https://www.veritas.com/content/support/en_US/security/VTS22-002 Patch, Vendor Advisory ([email protected])
https://www.veritas.com/content/support/en_US/security/VTS22-002 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)