PT-2024-32853 · Veritas · Veritas Data Insight
Published: 2024-10-03 · Updated: 2025-10-17
CVE-2024-47854
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Veritas Data Insight versions prior to 7.1
Description
A security issue was discovered that allows a remote attacker to inject arbitrary web script into an HTTP request. The script is reflected back without sanitization to an authenticated user and runs if that user executes the request. This issue affects Veritas Data Insight and could potentially lead to data theft or malicious code execution.
Recommendations
For versions prior to 7.1, upgrade the affected component to version 7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP request handler to minimize the risk of exploitation.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Veritas Data Insight