{
  "document" : {
    "aggregate_severity" : {
      "text" : "mittel"
    },
    "category" : "csaf_base",
    "csaf_version" : "2.0",
    "distribution" : {
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "de-DE",
    "notes" : [ {
      "category" : "legal_disclaimer",
      "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen."
    }, {
      "category" : "description",
      "text" : "Veritas InfoScale ist eine anwendungsorientierte Speicherverwaltungslösung zur Optimierung der IT-Servicekontinuität in Unternehmen.",
      "title" : "Produktbeschreibung"
    }, {
      "category" : "summary",
      "text" : "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Veritas Infoscale ausnutzen, um beliebigen Programmcode auszuführen.",
      "title" : "Angriff"
    }, {
      "category" : "general",
      "text" : "- UNIX\n- Linux\n- Windows",
      "title" : "Betroffene Betriebssysteme"
    } ],
    "publisher" : {
      "category" : "other",
      "contact_details" : "csaf-provider@cert-bund.de",
      "name" : "Bundesamt für Sicherheit in der Informationstechnik",
      "namespace" : "https://www.bsi.bund.de"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "WID-SEC-W-2023-1774 - CSAF Version",
      "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1774.json"
    }, {
      "category" : "self",
      "summary" : "WID-SEC-2023-1774 - Portal Version",
      "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1774"
    }, {
      "category" : "external",
      "summary" : "Veritas Support Advisory Report vom 2023-07-17",
      "url" : "https://www.veritas.com/content/support/en_US/security/VTS23-009"
    }, {
      "category" : "external",
      "summary" : "Github Security Advisory GHSA-jf7v-xm37-v23m vom 2023-07-17",
      "url" : "https://github.com/advisories/GHSA-jf7v-xm37-v23m"
    } ],
    "source_lang" : "en-US",
    "title" : "Veritas Infoscale: Schwachstelle ermöglicht Codeausführung",
    "tracking" : {
      "current_release_date" : "2023-07-17T22:00:00.000+00:00",
      "generator" : {
        "date" : "2024-08-15T17:55:42.235+00:00",
        "engine" : {
          "name" : "BSI-WID",
          "version" : "1.3.5"
        }
      },
      "id" : "WID-SEC-W-2023-1774",
      "initial_release_date" : "2023-07-17T22:00:00.000+00:00",
      "revision_history" : [ {
        "date" : "2023-07-17T22:00:00.000+00:00",
        "number" : "1",
        "summary" : "Initiale Fassung"
      } ],
      "status" : "final",
      "version" : "1"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Veritas Infoscale Operations Manager < 8.0.2",
          "product" : {
            "name" : "Veritas Infoscale Operations Manager < 8.0.2",
            "product_id" : "T028660",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:veritas:infoscale:operations_manager__8.0.2"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Veritas Infoscale Operations Manager Agents < 7.4.2.810",
          "product" : {
            "name" : "Veritas Infoscale Operations Manager Agents < 7.4.2.810",
            "product_id" : "T028661",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:veritas:infoscale:operations_manager_agents__7.4.2.810"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Veritas Infoscale Operations Manager < 8.0.0.410",
          "product" : {
            "name" : "Veritas Infoscale Operations Manager < 8.0.0.410",
            "product_id" : "T028662",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:veritas:infoscale:operations_manager__8.0.0.410"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Veritas Infoscale Operations Manager Agents < 8.0.0.410",
          "product" : {
            "name" : "Veritas Infoscale Operations Manager Agents < 8.0.0.410",
            "product_id" : "T028663",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:veritas:infoscale:operations_manager_agents__8.0.0.410"
            }
          }
        }, {
          "category" : "product_name",
          "name" : "Veritas Infoscale Operations Manager Agents < 8.0.2.0",
          "product" : {
            "name" : "Veritas Infoscale Operations Manager Agents < 8.0.2.0",
            "product_id" : "T028664",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:veritas:infoscale:operations_manager_agents__8.0.2.0"
            }
          }
        } ],
        "category" : "product_name",
        "name" : "Infoscale"
      } ],
      "category" : "vendor",
      "name" : "Veritas"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2023-38404",
    "notes" : [ {
      "category" : "description",
      "text" : "Es existiert eine Schwachstelle in Veritas Infoscale. Es ist möglich Dateien eines beliebigen Types hochzuladen und auszuführen. Ein entfernter, authentisierter Angreifer mit bestimmten Rechten kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen."
    } ],
    "release_date" : "2023-07-17T22:00:00.000+00:00",
    "title" : "CVE-2023-38404"
  } ]
}