Severity
Critical
Description
Security research has disclosed that there is an arbitrary command injection vulnerability that affects multiple Veritas products.
What we know
This vulnerability allows an unauthenticated remote attacker to execute arbitrary commands as root. The following Veritas products are known to be affected:
·
Veritas InfoScale and Related Products (InfoScale Availability, InfoScale Enterprise, Cluster Server and Storage Foundation HA) when using VCS in non-secure mode
·
Flex Appliance
·
Access and Access Appliance
No other Veritas products are believed to be affected by this issue.
Veritas will communicate any new and updated information as soon as we discover and verify the information. Questions and comments are welcomed and should be directed to Veritas Support.
Action Required
Please refer to the Master Advisory for more details on the security advisory and recommended action.