Veritas InfoScale Command Server Improper Access Control Vulnerability

Vulnerability

An improper access control vulnerability has been identified in Veritas InfoScale Command Server versions through 7.4.1. The issue arises because the Command Server can optionally be configured to run in an insecure mode, which may expose the system to unauthorized access or actions. It is particularly concerning for customers who have not upgraded to version 7.4.2, where Secure Mode is the default.

Impact

Exploiting this vulnerability could lead to unauthorized access or actions within the InfoScale Command Server, potentially allowing attackers to manipulate the system or its data.

Remediation

Customers using InfoScale Command Server version 7.4.1 or earlier should check whether their cluster is running in Non-Secure Mode. If it is, they should either upgrade to version 7.4.2 or change the cluster configuration to Secure Mode. Instructions for disabling the CmdServer daemon are available in the Cluster Server 7.4.2 Administrator's Guide for AIX.

Added: May 20, 2026, 5:19 PM
Updated: May 20, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.