CVE-2019-18780

Name of the Vulnerable Software and Affected Versions Veritas Access versions 7.4.2 and earlier Veritas Access Appliance versions 7.4.2 and earlier Veritas Flex Appliance version 1.2 and earlier Veritas InfoScale versions 7.3.1 and earlier Veritas InfoScale versions 7.4.0 through 7.4.1 Veritas Cluster Server (VCS) version 6.2.1 and earlier on Linux/UNIX Veritas Cluster Server (VCS) version 6.1 and earlier on Windows Veritas Storage Foundation HA (SFHA) version 6.2.1 and earlier on Linux/UNIX Veritas Storage Foundation HA (SFHA) version 6.1 and earlier on Windows

Description The issue is related to an arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale, allowing an unauthenticated remote attacker to execute arbitrary commands as root or administrator. This vulnerability is also associated with a lack of input data sanitization.

Recommendations For Veritas Access versions 7.4.2 and earlier, update to a version later than 7.4.2. For Veritas Access Appliance versions 7.4.2 and earlier, update to a version later than 7.4.2. For Veritas Flex Appliance version 1.2 and earlier, update to a version later than 1.2. For Veritas InfoScale versions 7.3.1 and earlier, update to a version later than 7.3.1. For Veritas InfoScale versions 7.4.0 through 7.4.1, update to a version later than 7.4.1. For Veritas Cluster Server (VCS) version 6.2.1 and earlier on Linux/UNIX, update to a version later than 6.2.1. For Veritas Cluster Server (VCS) version 6.1 and earlier on Windows, update to a version later than 6.1. For Veritas Storage Foundation HA (SFHA) version 6.2.1 and earlier on Linux/UNIX, update to a version later than 6.2.1. For Veritas Storage Foundation HA (SFHA) version 6.1 and earlier on Windows, update to a version later than 6.1.