Admins use Veritas InfoScale Operations Manager (VIOM) to manage Veritas InfoScale environments. It combines physical, virtual and cloud infrastructures. Two vulnerabilities expose systems to attack. Admins should act promptly. Safe versions are available.
According to an alert, there are two vulnerabilities in VIOM, classified with a threat level of “high”. CVE numbers have evidently not yet been assigned.
By successfully exploiting the vulnerabilities, attackers could access information that is supposed to be isolated. In one case, however, attackers must already have admin/root rights. They could then launch attacks using manipulated inputs that are not properly validated. In such a position, however, attackers usually already have an entire system at their disposal and can gain complete control thanks to their high user rights.
In the second case, attackers could use an SQL injection attack to access the contents of the database and view or even manipulate entries there. The warning does not reveal in detail how attacks could proceed. It is not yet known whether there have already been attacks.
Versions 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.2 and 8.0 are specifically affected. It can be assumed that previous versions are also vulnerable. The developers state that they have closed the vulnerabilities in the following versions:
- VIOM 7.4.2 GA Update 188.8.131.520
- VIOM 8.0 GA Update 8.0.410