Veritas Resiliency Platform (VRP) suffers from cross-site scripting, command execution, and directory traversal vulnerabilities. Versions prior to VRP 3.3.2 HF14 are affected.
1f0a7316731270d0fcca69d32e44b090
Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of critical severity.
Directory traversal vulnerability related to uploading application bundles (CVE-2019-14415, Critical severity)
Arbitrary command execution vulnerability with root privilege related to DNS server configuration (CVE-2019-14416, High severity)
Arbitrary command execution vulnerability with root privilege related to resiliency plans and custom scripts (CVE-2019-14417, High severity)
A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality (CVE-2019-14418, Medium severity)
https://www.veritas.com/content/support/en_US/security/VTS19-002.html