Arctera InfoScale Operations Manager PostgreSQL Vulnerability

Revision History

• 1.0: March 19, 2025: Initial version

Description

A vulnerability was discovered in Arctera InfoScale Operations Manager version 8.0.2.540 and prior 8.0.2 versions due to inclusion of PostgreSQL 14.x which was found to have a Missing Authorization Vulnerability  (CVE-2024-4317).

Issue

CVE ID: CVE-2024-4317

Severity: MEDIUM

CVSS v3.1 Base Score 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CWE-862: Missing Authorization

Affected Versions

Arctera InfoScale Operations Manager versions 8.0.2 to 8.0.2.540 are affected.

Remediation

Customers on version 8.0.2 under a current maintenance contract should apply the InfoScale Operations Manager PostgreSQL CVE-2024-4317 Vulnerability Fix available here:

• https://www.veritas.com/support/en_US/downloads/detail.REL133180#item3

See the Download Center for all available updates: https://www.veritas.com/support/en_US/downloads

Questions

For questions or problems regarding these vulnerabilities please contact Arctera Technical Support (https://www.arctera.io/support)

Disclaimer

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.  Arctera US LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.  THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Arctera US LLC
6200 Stoneridge Mall Road, Suite 150
Pleasanton, CA 94588