PT-2022-17896 · Veritas · Veritas Infoscale Operations Manager

Published

2022-03-04

·

Updated

2022-03-12

·

CVE-2022-26484

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Veritas InfoScale Operations Manager versions prior to 7.4.2 Patch 600
Veritas InfoScale Operations Manager versions 8.x prior to 8.0.0 Patch 100
Description

The web server in Veritas InfoScale Operations Manager does not sanitize the resource name passed to the "admin/cgi-bin/rulemgr.pl/getfile/" endpoint. A remote, authenticated administrator can read arbitrary files on the host through directory traversal by supplying an absolute path as the resource name in a GET request, which exposes application source code, configuration files and sensitive system files.
Recommendations

For versions prior to 7.4.2 Patch 600, update to 7.4.2 Patch 600 or later. For versions 8.x prior to 8.0.0 Patch 100, update to 8.0.0 Patch 100 or later. Until the patch is applied, restrict access to the "admin/cgi-bin/rulemgr.pl/getfile/" endpoint as a temporary workaround. Note that exploitation requires an authenticated administrator account, so the workaround only limits what such an account can reach; it does not remove the need to patch.
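The advisory does not show the handler's source, so the following is an added illustration (not Veritas code, and written in Python rather than the Perl the CGI is implemented in) of the two ways a caller-supplied resource name escapes a document root, and of the containment check a fixed handler would apply. The base directory /srv/vom/files and the resource names are constructed for the example and are not taken from the product.

```python
import os
import tempfile

# Constructed document root standing in for wherever the getfile handler is
# meant to serve from; the real location is not given in the advisory.
BASE_DIR = "/srv/vom/files"


def resolve_unsafe(base_dir: str, resource: str) -> str:
    """Vulnerable pattern: trust the caller-supplied resource name.

    os.path.join() discards every preceding component as soon as a later one
    is absolute, so resource='/etc/passwd' silently drops base_dir. A '../'
    sequence survives join() and is collapsed by normpath() (or by the
    filesystem at open() time), so it escapes the root as well.
    """
    return os.path.normpath(os.path.join(base_dir, resource))


def resolve_safe(base_dir: str, resource: str) -> str:
    """Hardened pattern: canonicalise first, then enforce containment."""
    root = os.path.realpath(base_dir)
    # Refuse absolute names outright instead of letting join() swallow the base.
    if os.path.isabs(resource):
        raise ValueError(f"absolute resource name rejected: {resource!r}")
    candidate = os.path.realpath(os.path.join(root, resource))
    # realpath() resolves '..' and symlinks, so the check is made on the final
    # on-disk target. commonpath() compares whole components, which is why a
    # sibling such as '/srv/vom/files-old' does not pass as a string prefix would.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"resource escapes base directory: {resource!r}")
    return candidate


def classify(base_dir: str, resource: str) -> tuple:
    """Return ('served', path) or ('blocked', reason) for the hardened resolver."""
    try:
        return ("served", resolve_safe(base_dir, resource))
    except ValueError as exc:
        return ("blocked", str(exc))


def symlink_escape_is_blocked() -> bool:
    """Build a throwaway tree where base/link.txt points outside the root and
    confirm the hardened resolver refuses it even though the name looks benign.
    """
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "files")
        os.mkdir(base)
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for the web\n")  # constructed content
        os.symlink(secret, os.path.join(base, "link.txt"))
        verdict, _ = classify(base, "link.txt")
        return verdict == "blocked"


if __name__ == "__main__":
    for name in ("rules/r1.xml", "/etc/passwd", "../../../etc/passwd"):
        print(f"{name!r:28} unsafe -> {resolve_unsafe(BASE_DIR, name)}")
        print(f"{'':28} safe   -> {classify(BASE_DIR, name)}")
    print("symlink escape blocked:", symlink_escape_is_blocked())
```

The absolute-path case is the one the advisory describes: with the unsafe join the request for "/etc/passwd" resolves to exactly that file. The hardened resolver rejects absolute names, collapses "../" before checking, and compares canonical paths so that a symlink planted inside the root cannot be used to reach outside it.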

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-26484

Affected Products

Veritas Infoscale Operations Manager