CVE-2024-27283

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.veritas.com/support/en_US/security/VTS23-020	Vendor Advisory
https://www.veritas.com/support/en_US/security/VTS23-020	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:veritas:ediscovery_platform:*:*:*:*:*:*:*:*

History

06 May 2025, 17:33

Type	Values Removed	Values Added
CPE		cpe:2.3:a:veritas:ediscovery_platform::::::::
First Time		Veritas Veritas ediscovery Platform
References	~~() https://www.veritas.com/support/en_US/security/VTS23-020 -~~	() https://www.veritas.com/support/en_US/security/VTS23-020 - Vendor Advisory

21 Nov 2024, 09:04

Type	Values Removed	Values Added
References	~~() https://www.veritas.com/support/en_US/security/VTS23-020 -~~	() https://www.veritas.com/support/en_US/security/VTS23-020 -

27 Aug 2024, 19:35

Type	Values Removed	Values Added
CWE		CWE-434

22 Feb 2024, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-22 05:15

Updated : 2025-05-06 17:33

NVD link : CVE-2024-27283

Mitre link : CVE-2024-27283

CVE.ORG link : CVE-2024-27283

JSON object : View

Products Affected

veritas

ediscovery_platform

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-27283", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-02-22T05:15:10.087", "references": [{"url": "https://www.veritas.com/support/en_US/security/VTS23-020", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.veritas.com/support/en_US/security/VTS23-020", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad en Veritas eDiscovery Platform antes de la versi\u00f3n 10.2.5. El administrador de la aplicaci\u00f3n puede cargar archivos potencialmente maliciosos en ubicaciones arbitrarias del servidor en el que est\u00e1 instalada la aplicaci\u00f3n."}], "lastModified": "2025-05-06T17:33:16.897", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:ediscovery_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42043750-0206-4EF4-B18D-E51F457B7326", "versionEndExcluding": "10.2.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}