Admins managing Veritas InfoScale environments rely on Veritas InfoScale Operations Manager (VIOM) as their primary tool. VIOM offers combined control of physical, virtual, and cloud infrastructures. However, recent developments have exposed two new vulnerabilities. Attackers may exploit these vulnerabilities to gain access to private data, making it crucial for admins to act promptly to secure their systems. Safe versions of VIOM are available for download.
According to the warning message, the two vulnerabilities in VIOM are classified as “high” risk. Even without assigned CVE numbers, the vulnerabilities require urgent action from admins. Attackers who successfully exploit these vulnerabilities could bypass system security to access information that would otherwise be unreachable.
In one case, attackers must have admin/root rights, but this is often a position they already have when attacking a system. In this scenario, attackers may launch manipulated inputs that are not correctly verified, allowing them to gain complete control over the system. In the second case, an SQL injection attack can give attackers access to a system’s database, where they can view or even manipulate the data contained within it.
The warning does not provide detailed information on how these attacks could proceed, and there is no evidence of any attacks so far. However, the affected versions of VIOM are 7.0, 7.1, 7.2, 7.3, 7.3.1, 7.4, 7.4.2, and 8.0. Earlier versions may also be vulnerable, and it is essential to update to a secure version as soon as possible.
Developers have released two secure versions of VIOM, i.e., VIOM 7.4.2 GA Update version 7.4.2.800 and VIOM 8.0 GA Update version 8.0.410(des). It is the responsibility of admins to download the patch immediately and update their systems to prevent these vulnerabilities from being exploited.
In conclusion, the security of our systems is critical, and this warning is a reminder that any potential threats must be addressed promptly. Admins should download the safe versions available and deploy the patches to secure their systems effectively. Proactive measures such as staying updated with necessary downloads can help curb the effects of malicious attacks, making it easier to manage and protect Veritas InfoScale environments from threats.
