[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] VTS19-002: Multiple Vulnerabilities in Veritas Resiliency Platform (VRP)

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] VTS19-002: Multiple Vulnerabilities in Veritas Resiliency Platform (VRP)
From: David Dillard <David.Dillard@xxxxxxxxxxx>
Date: Tue, 30 Jul 2019 15:13:14 +0000

Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of 
critical severity.

Directory traversal vulnerability related to uploading application bundles
CVE-2019-14415
Critical severity

Arbitrary command execution vulnerability with root privilege related to DNS 
server configuration
CVE-2019-14416
High severity

Arbitrary command execution vulnerability with root privilege related to 
resiliency plans and custom scripts
CVE-2019-14417
High severity

A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP 
user to inject malicious script into another user's browser, related to 
resiliency plans functionality.
CVE-2019-14418
Medium severity

https://www.veritas.com/content/support/en_US/security/VTS19-002.html


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
Previous by thread: [FD] APPLE-SA-2019-7-23-2 iTunes for Windows 12.9.6
Index(es):
- Date
- Thread