InfoScale Operations Manager (IOM) web application Security Bulletin for CVE-2026-44923, CVE-2026-44924, and CVE-2026-44925


Article ID: 1000766080


Description

InfoScale Operations Manager (IOM) is affected by the vulnerabilities listed below:

| CVE-ID | Description | CWE | CVSSv4 |
|---|---|---|---|
| CVE-2026-44923 | SQL Injection vulnerability in the Operations Manager (VIOM) allows remote attackers to directly gain access to the underlying database without authentication. | CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CVSS v4.0 Base Score: 9.4 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H) |
| CVE-2026-44924 | Multiple vulnerabilities in the web-based management interface of InfoScale Operations Manager (VIOM) could allow an authenticated, remote attacker with guest or administrative privileges to conduct a stored cross-site scripting (XSS) attack or a reflected XSS attack against a user of the web-based management interface. | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CVSS v4.0 Base Score: 8.5 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L) |
| CVE-2026-44925 | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge. | CWE-352: Cross-Site Request Forgery (CSRF) | CVSS v4.0 Base Score: 8.7 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L) |

 

What Customers Should Do

Cloud Software Group strongly urges affected customers of InfoScale Operations Manager to install the relevant updated versions as soon as possible. 

  • InfoScale Operations Manager (VIOM) 9.1.3 and later releases


Note - All versions of InfoScale Operations Manager (VIOM) 9.0.x, 8.x.x and 7.x.x are no longer supported for security patches.

Acknowledgement

Cloud Software Group thanks Marco Ventura, Claudia Bartolini, Valentina Stefanizzi, and Massimiliano Brolli of TIM Security Red Team Research - TIM S.p.A for working with us to protect Cloud Software Group customers.

Environment

The information on this page is being provided to you on an "AS IS" and "AS-AVAILABLE" basis. The issues described on this page may or may not impact your system(s). Cloud Software Group, Inc. and its subsidiaries (collectively, "Cloud SG") make no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. BY ACCESSING THIS PAGE, YOU ACKNOWLEDGE THAT CLOUD SG SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. Cloud SG reserves the right to change or update the information on this page at any time. We accordingly recommend that you always view the latest version of this page. The information contained herein is being provided to you under the terms of your applicable customer agreement with Cloud SG, and may be used only for the purposes contemplated by such agreement. If you do not have such an agreement with Cloud SG, this information is provided under the cloud.com Terms of Use, and may be used only for the purposes contemplated by such Terms of Use.

Issue/Introduction

Severity - Critical

Description of Problem

Multiple vulnerabilities have been discovered in the InfoScale Operations Manager (VIOM) web application. Refer below for further details.

Affected Versions: 

The following supported versions of InfoScale Operations Manager are affected by the vulnerabilities: 

  • InfoScale Operations Manager (IOM) BEFORE 9.1.3

Additional Information

Changelog

2026-05-19: Initial Publication

 

Reporting Security Vulnerabilities to Cloud Software Group


Cloud Software Group welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Cloud Software Group, please see the following webpage: https://www.cloud.com/trust-center/support