Published: 05/11/2019 Updated: 24/08/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote malicious user to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and previous versions, Access Appliance 7.4.2 and previous versions, Flex Appliance 1.2 and previous versions, InfoScale 7.3.1 and previous versions, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and previous versions on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and previous versions on Windows, Storage Foundation HA (SFHA) 6.2.1 and previous versions on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and previous versions on Windows.

Vulnerable Product	Search on Vulmon	Subscribe to Product
veritas access
veritas access appliance
veritas flex appliance
veritas infoscale
veritas cluster_server
veritas storage_foundation_ha

CWE-77 https://www.veritas.com/content/support/en_US/security/VTS19-004 https://www.veritas.com/content/support/en_US/security/VTS19-003 https://www.veritas.com/content/support/en_US/security/VTS19-006 https://www.veritas.com/content/support/en_US/security/VTS19-005 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18780

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect