CVE-2023-38404: Malicious File Upload
First published: Mon Jul 17 2023(Updated: )
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas InfoScale Operations Manager | >=7.0.0<8.0.0.410 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-38404?
CVE-2023-38404 is a vulnerability in the XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 that allows an authenticated attacker to upload and execute malicious files on the remote server.
How severe is CVE-2023-38404?
CVE-2023-38404 has a severity score of 8.8, which is considered high.
How does CVE-2023-38404 affect Veritas InfoScale Operations Manager?
CVE-2023-38404 affects Veritas InfoScale Operations Manager versions before 8.0.0.410.
How can an attacker exploit CVE-2023-38404?
An authenticated attacker can exploit CVE-2023-38404 by uploading and executing malicious files on the remote server.
Is there a fix for CVE-2023-38404?
Yes, the fix for CVE-2023-38404 is to upgrade to Veritas InfoScale Operations Manager version 8.0.0.410 or later.
- collector/nvd-latest
- collector/nvd-index
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/veritas
- canonical/veritas infoscale operations manager
- version/veritas infoscale operations manager/7.0.0