PT-2022-17895 · Veritas · Veritas InfoScale Operations Manager

Published: 2022-03-04 · Updated: 2022-03-12 · CVE-2022-26483

CVSS v3.1: 4.8 (Medium)

Vector: AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R

Name of the Vulnerable Software and Affected Versions

Veritas InfoScale Operations Manager versions prior to 7.4.2 Patch 600
Veritas InfoScale Operations Manager versions 8.x prior to 8.0.0 Patch 100

Description

A reflected cross-site scripting (XSS) issue allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter, which reflects user input without sanitization. This occurs in the listdir.pl file within the admin/cgi-bin directory.

Recommendations

For versions prior to 7.4.2 Patch 600, update to 7.4.2 Patch 600 or later. For versions 8.x prior to 8.0.0 Patch 100, update to 8.0.0 Patch 100 or later. As a temporary workaround, consider restricting access to the admin/cgi-bin/listdir.pl endpoint until a patch is applied.

Fix

XSS

Related Identifiers

CVE-2022-26483

Affected Products

Veritas InfoScale Operations Manager