Data Insight
by Symantec
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-46542 | Med | 0.42 | 6.5 | 0.01 | Dec 30, 2024 | Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. | ||
| CVE-2025-43704 | Med | 0.31 | 4.7 | 0.00 | Apr 16, 2025 | Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. | ||
| CVE-2024-47854 | 0.00 | — | 0.01 | Oct 4, 2024 | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | |||
| CVE-2014-3433 | 0.00 | — | 0.02 | Jun 27, 2014 | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue. | |||
| CVE-2014-3432 | 0.00 | — | 0.02 | Jun 27, 2014 | Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. |
- risk 0.42cvss 6.5epss 0.01
Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.
- risk 0.31cvss 4.7epss 0.00
Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server.
- CVE-2024-47854Oct 4, 2024risk 0.00cvss —epss 0.01
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
- CVE-2014-3433Jun 27, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.
- CVE-2014-3432Jun 27, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.