Veritas Resiliency Platform (VRP) Traversal / Command Execution

2019.08.01
Credit: David Dillard
Risk: High
Local: No
Remote: Yes
CWE: CWE-22
CWE-78

Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of critical severity. Directory traversal vulnerability related to uploading application bundles CVE-2019-14415 Critical severity Arbitrary command execution vulnerability with root privilege related to DNS server configuration CVE-2019-14416 High severity Arbitrary command execution vulnerability with root privilege related to resiliency plans and custom scripts CVE-2019-14417 High severity A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. CVE-2019-14418 Medium severity https://www.veritas.com/content/support/en_US/security/VTS19-002.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top