Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m3	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m3	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un desbordamiento del búfer basado en la pila en el servidor primario de NetBackup, resultando en una denegación de servicio",
      },
   ],
   id: "CVE-2022-36998",
   lastModified: "2024-11-21T07:14:15.127",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.257",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#c1	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#c1	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones específicas de notificación)",
      },
   ],
   id: "CVE-2022-36992",
   lastModified: "2024-11-21T07:14:14.130",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 6,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.957",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m6	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m6	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup	10.0
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A22BA0AF-70FB-4948-B047-E62EA64EFFC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podría recopilar de forma remota información sobre cualquier host conocido por un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36996",
   lastModified: "2024-11-21T07:14:14.793",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.157",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m1	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m1	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podría leer remotamente archivos en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-37000",
   lastModified: "2024-11-21T07:14:15.457",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.370",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-04-01 23:15

Modified

2025-01-29 18:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

References

URL	Tags
security@vmware.com	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@vmware.com	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
security@vmware.com	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf	Patch, Third Party Advisory
security@vmware.com	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
security@vmware.com	https://tanzu.vmware.com/security/cve-2022-22965	Mitigation, Vendor Advisory
security@vmware.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67	Third Party Advisory
security@vmware.com	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
security@vmware.com	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tanzu.vmware.com/security/cve-2022-22965	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/970766
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuapr2022.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2022.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
vmware	spring_framework	*
vmware	spring_framework	*
oracle	jdk	*
cisco	cx_cloud_agent	*
oracle	communications_cloud_native_core_automated_test_suite	1.9.0
oracle	communications_cloud_native_core_automated_test_suite	22.1.0
oracle	communications_cloud_native_core_console	1.9.0
oracle	communications_cloud_native_core_console	22.1.0
oracle	communications_cloud_native_core_network_exposure_function	22.1.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	1.10.0
oracle	communications_cloud_native_core_network_function_cloud_native_environment	22.1.0
oracle	communications_cloud_native_core_network_repository_function	1.15.0
oracle	communications_cloud_native_core_network_repository_function	22.1.0
oracle	communications_cloud_native_core_network_slice_selection_function	1.8.0
oracle	communications_cloud_native_core_network_slice_selection_function	1.15.0
oracle	communications_cloud_native_core_network_slice_selection_function	22.1.0
oracle	communications_cloud_native_core_policy	1.15.0
oracle	communications_cloud_native_core_policy	22.1.0
oracle	communications_cloud_native_core_security_edge_protection_proxy	1.7.0
oracle	communications_cloud_native_core_security_edge_protection_proxy	22.1.0
oracle	communications_cloud_native_core_unified_data_repository	1.15.0
oracle	communications_cloud_native_core_unified_data_repository	22.1.0
oracle	communications_policy_management	12.6.0.0.0
oracle	financial_services_analytical_applications_infrastructure	8.1.1
oracle	financial_services_analytical_applications_infrastructure	8.1.2.0
oracle	financial_services_behavior_detection_platform	8.1.1.0
oracle	financial_services_behavior_detection_platform	8.1.1.1
oracle	financial_services_behavior_detection_platform	8.1.2.0
oracle	financial_services_enterprise_case_management	8.1.1.0
oracle	financial_services_enterprise_case_management	8.1.1.1
oracle	financial_services_enterprise_case_management	8.1.2.0
oracle	mysql_enterprise_monitor	*
oracle	product_lifecycle_analytics	3.6.1
oracle	retail_xstore_point_of_service	20.0.1
oracle	retail_xstore_point_of_service	21.0.0
oracle	sd-wan_edge	9.0
oracle	sd-wan_edge	9.1
siemens	operation_scheduler	*
siemens	sipass_integrated	2.80
siemens	sipass_integrated	2.85
siemens	siveillance_identity	1.5
siemens	siveillance_identity	1.6
veritas	access_appliance	7.4.3
veritas	access_appliance	7.4.3.100
veritas	access_appliance	7.4.3.200
veritas	access_appliance	7.4.3
veritas	access_appliance	7.4.3.100
veritas	access_appliance	7.4.3.200
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	netbackup_flex_scale_appliance	2.1
veritas	netbackup_flex_scale_appliance	3.0
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_virtual_appliance	4.0
veritas	netbackup_virtual_appliance	4.0.0.1
veritas	netbackup_virtual_appliance	4.0.0.1
veritas	netbackup_virtual_appliance	4.0.0.1
veritas	netbackup_virtual_appliance	4.1
veritas	netbackup_virtual_appliance	4.1.0.1
veritas	netbackup_virtual_appliance	4.1.0.1
siemens	operation_scheduler	*
siemens	simatic_speech_assistant_for_machines	*
siemens	sinec_network_management_system	*
siemens	sipass_integrated	2.80
siemens	sipass_integrated	2.85
siemens	siveillance_identity	1.5
siemens	siveillance_identity	1.6
oracle	commerce_platform	11.3.2
oracle	communications_cloud_native_core_binding_support_function	22.1.3
oracle	communications_unified_inventory_management	7.4.1
oracle	communications_unified_inventory_management	7.4.2
oracle	communications_unified_inventory_management	7.5.0
oracle	retail_bulk_data_integration	16.0.3
oracle	retail_customer_management_and_segmentation_foundation	17.0
oracle	retail_customer_management_and_segmentation_foundation	18.0
oracle	retail_customer_management_and_segmentation_foundation	19.0
oracle	retail_financial_integration	14.1.3.2
oracle	retail_financial_integration	15.0.3.1
oracle	retail_financial_integration	16.0.3
oracle	retail_financial_integration	19.0.1
oracle	retail_integration_bus	14.1.3.2
oracle	retail_integration_bus	15.0.3.1
oracle	retail_integration_bus	16.0.3
oracle	retail_integration_bus	19.0.1
oracle	retail_merchandising_system	16.0.3
oracle	retail_merchandising_system	19.0.1
oracle	weblogic_server	12.2.1.3.0
oracle	weblogic_server	12.2.1.4.0
oracle	weblogic_server	14.1.1.0.0

JSON

To clipboard

{
   cisaActionDue: "2022-04-25",
   cisaExploitAdd: "2022-04-04",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Spring Framework JDK 9+ Remote Code Execution Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7417ECB4-3391-4273-9DAF-C9C82220CEA8",
                     versionEndExcluding: "5.2.20",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5049322E-FFAA-4CAA-B794-63539EA4E6D7",
                     versionEndExcluding: "5.3.18",
                     versionStartIncluding: "5.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19F22333-401B-4DB1-A63D-622FA54C2BA9",
                     versionStartIncluding: "9",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DA44823-E5F1-4922-BCCA-13BEB49C017B",
                     versionEndExcluding: "2.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5BB2213-08E7-497F-B672-556FD682D122",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B61A7946-F554-44A9-9E41-86114E4B4914",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D163AA57-1D66-4FBF-A8BB-F13E56E5C489",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0425918A-03F1-4541-BDEF-55B03E07E115",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3C2E50B0-64B6-4696-9213-F5D9016058A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "02AEDB9F-1040-4840-ACB6-8BF299886ACB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "059F0D4E-B007-4986-AB95-89F11147CB2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "078AEFC0-96DA-4F50-BE8E-8360718103A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ECCD8C1-C055-4958-A613-B6D1609687F1",
                     versionEndExcluding: "8.0.29",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F978162-CB2C-4166-947A-9048C6E878BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B691D-C763-4692-A46A-3422FA821ACF",
                     versionEndExcluding: "2.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                     matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "26CDB573-611F-403C-9E9F-2A929B7B9602",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                     matchCriteriaId: "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                     matchCriteriaId: "2605B356-2BDE-45B2-AAB3-55236E163588",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "26CDB573-611F-403C-9E9F-2A929B7B9602",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
                     matchCriteriaId: "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
                     matchCriteriaId: "2605B356-2BDE-45B2-AAB3-55236E163588",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "66B1DC73-8B4C-418B-96A7-17C35E9164CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "48E6CF01-79F1-4E56-BB3C-02AE544876E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "62D12B2A-0167-4010-888E-30BB96DBA3F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F91A353F-6BEE-423E-BB6A-413C2C03D313",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3F72DF7-C2C6-4009-82D8-462714D80DF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "ED4BC39F-2A18-4F2D-B5A6-A1590D220611",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "63459D69-EC29-49A6-9577-A48B63C63063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "7B20A490-3398-4B36-9630-98CADC801E9E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "435B691D-C763-4692-A46A-3422FA821ACF",
                     versionEndExcluding: "2.0.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D035FB7D-36A5-439E-9992-DE255F020AB5",
                     versionEndExcluding: "1.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D14E8FC-464B-414D-AE56-C20FF46E25FB",
                     versionEndExcluding: "1.0.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
                     matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "3486C85C-57BC-433F-941C-E81539DA5C1D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "822A3C37-86F2-4E91-BE91-2A859F983941",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
      },
      {
         lang: "es",
         value: "Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. La explotación específica requiere que la aplicación sea ejecutada en Tomcat como un despliegue WAR. Si la aplicación es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotación. Sin embargo, la naturaleza de la vulnerabilidad es más general, y puede haber otras formas de explotarla",
      },
   ],
   id: "CVE-2022-22965",
   lastModified: "2025-01-29T18:15:44.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-04-01T23:15:13.870",
   references: [
      {
         source: "security@vmware.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://tanzu.vmware.com/security/cve-2022-22965",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "security@vmware.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Vendor Advisory",
         ],
         url: "https://tanzu.vmware.com/security/cve-2022-22965",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.kb.cert.org/vuls/id/970766",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujul2022.html",
      },
   ],
   sourceIdentifier: "security@vmware.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "security@vmware.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h5	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h5	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podría escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36991",
   lastModified: "2024-11-21T07:14:13.963",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.907",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m4	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m4	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría leer arbitrariamente archivos de un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36994",
   lastModified: "2024-11-21T07:14:14.463",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.053",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m2	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m2	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podría leer remotamente archivos en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36999",
   lastModified: "2024-11-21T07:14:15.287",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.307",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h8	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h8	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un ataque de denegación de servicio contra un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36984",
   lastModified: "2024-11-21T07:14:12.733",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.7,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.543",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2019-11-05 20:15

Modified

2024-11-21 04:33

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

References

URL	Tags
cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS19-003	Patch, Vendor Advisory
cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS19-004	Patch, Vendor Advisory
cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS19-005	Patch, Vendor Advisory
cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS19-006	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS19-003	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS19-004	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS19-005	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS19-006	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	access	*
veritas	access_appliance	*
veritas	flex_appliance	*
veritas	infoscale	*
veritas	infoscale	*
veritas	cluster_server	*
veritas	storage_foundation_ha	*
microsoft	windows	-
veritas	cluster_server	*
veritas	storage_foundation_ha	*
linux	linux_kernel	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F929286-63B6-4D5A-9CF3-BF7E66201F90",
                     versionEndIncluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:access_appliance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "488CA659-F66A-43FC-BF89-4B7BECA8E1C8",
                     versionEndIncluding: "7.4.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E22B14D-D236-486C-88A1-A105D4904F76",
                     versionEndIncluding: "1.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BECF4C9-6701-4A85-B3BC-F4D50DE04E2A",
                     versionEndIncluding: "7.3.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C10DD22-65A6-4C8A-BB37-C30D41842C7D",
                     versionEndIncluding: "7.4.1",
                     versionStartIncluding: "7.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "819C03F1-9596-4012-9722-F2B89202253E",
                     versionEndIncluding: "6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E54C100-9BF4-4B7F-A2A5-B5671F267C7D",
                     versionEndIncluding: "6.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EF04E40-59C2-409E-8C39-95D999C3B35A",
                     versionEndIncluding: "6.2.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "313F7193-63CE-4A70-BC92-0A393126A0F8",
                     versionEndIncluding: "6.2.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de inyección de comandos arbitraria en el componente Cluster Server de Veritas InfoScale, permite a un atacante remoto no autenticado ejecutar comandos arbitrarios como root o administrador. Estos productos de Veritas están afectados: Access versión 7.4.2 y anteriores, Access Appliance versión 7.4.2 y anteriores, Flex Appliance versión 1.2 y anteriores, InfoScale versión 7.3.1 y anteriores, InfoScale versiones entre 7.4.0 y 7.4.1, Veritas Cluster Server (VCS) versión 6.2.1 y anteriores en Linux/UNIX, Veritas Cluster Server (VCS) versión 6.1 y anteriores en Windows, Storage Foundation HA (SFHA) versión 6.2.1 y anteriores en Linux/UNIX y Storage Foundation HA (SFHA) versión 6.1 y anteriores en Windows.",
      },
   ],
   id: "CVE-2019-18780",
   lastModified: "2024-11-21T04:33:33.170",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-11-05T20:15:11.203",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-77",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h4	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h4	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría escribir arbitrariamente archivos en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36987",
   lastModified: "2024-11-21T07:14:13.280",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 6,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.707",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h1	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h1	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36993",
   lastModified: "2024-11-21T07:14:14.297",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.007",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h6	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h6	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podría ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media",
      },
   ],
   id: "CVE-2022-36988",
   lastModified: "2024-11-21T07:14:13.443",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.3,
            impactScore: 6,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.760",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h9	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h9	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegación de servicio",
      },
   ],
   id: "CVE-2022-36997",
   lastModified: "2024-11-21T07:14:14.960",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 7.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 4.2,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.207",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-918",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h2	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h2	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36989",
   lastModified: "2024-11-21T07:14:13.613",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.810",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h7	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h7	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podría escalar potencialmente sus privilegios",
      },
   ],
   id: "CVE-2022-36985",
   lastModified: "2024-11-21T07:14:12.917",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.607",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#c2	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#c2	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podría escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario",
      },
   ],
   id: "CVE-2022-36990",
   lastModified: "2024-11-21T07:14:13.793",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.6,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 5.8,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.857",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#h3	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#h3	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36986",
   lastModified: "2024-11-21T07:14:13.090",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.6,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:17.657",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd

Published

2022-07-28 01:15

Modified

2024-11-21 07:14

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.

References

▼	URL	Tags
	cve@mitre.org	https://www.veritas.com/content/support/en_US/security/VTS22-004#m5	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.veritas.com/content/support/en_US/security/VTS22-004#m5	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
veritas	flex_appliance	1.2
veritas	flex_appliance	1.3
veritas	flex_appliance	2.0
veritas	flex_appliance	2.0.1
veritas	flex_appliance	2.0.2
veritas	flex_appliance	2.1
veritas	flex_scale	1.3.1
veritas	flex_scale	2.1
veritas	netbackup	8.1.1
veritas	netbackup	8.1.2
veritas	netbackup	8.2
veritas	netbackup	8.3
veritas	netbackup	8.3.0.1
veritas	netbackup	8.3.0.2
veritas	netbackup	9.0
veritas	netbackup	9.0.0.1
veritas	netbackup	9.1
veritas	netbackup	9.1.0.1
veritas	netbackup_appliance	3.1.1
veritas	netbackup_appliance	3.1.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	4.0
veritas	netbackup_appliance	4.1
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.2
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.1
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	3.3.0.2
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.0.0.1
veritas	netbackup_appliance	4.1.0.1
veritas	netbackup_appliance	4.1.0.1

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
                     matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
                     matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
                     matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.",
      },
      {
         lang: "es",
         value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría crear arbitrariamente directorios en un servidor primario de NetBackup",
      },
   ],
   id: "CVE-2022-36995",
   lastModified: "2024-11-21T07:14:14.633",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-07-28T01:15:18.107",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2022-36993

Vulnerability from cvelistv5

Published

2022-07-28 00:52

Modified

2024-08-03 10:21

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.590Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:52:38",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36993",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36993",
      datePublished: "2022-07-28T00:52:38",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.590Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-18780

Vulnerability from cvelistv5

Published

2019-11-05 19:05

Modified

2024-08-05 02:02

Severity ?

Summary

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS19-003	x_refsource_MISC
	https://www.veritas.com/content/support/en_US/security/VTS19-004	x_refsource_MISC
	https://www.veritas.com/content/support/en_US/security/VTS19-005	x_refsource_MISC
	https://www.veritas.com/content/support/en_US/security/VTS19-006	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:02:39.503Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-11-05T19:05:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-18780",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS19-003",
                  },
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS19-004",
                  },
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS19-005",
                  },
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS19-006",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-18780",
      datePublished: "2019-11-05T19:05:17",
      dateReserved: "2019-11-05T00:00:00",
      dateUpdated: "2024-08-05T02:02:39.503Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36989

Vulnerability from cvelistv5

Published

2022-07-28 00:54

Modified

2024-08-03 10:21

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.604Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:54:43",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36989",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36989",
      datePublished: "2022-07-28T00:54:44",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.604Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36998

Vulnerability from cvelistv5

Published

2022-07-28 00:49

Modified

2024-08-03 10:21

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.188Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:49:24",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36998",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36998",
      datePublished: "2022-07-28T00:49:24",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.188Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36994

Vulnerability from cvelistv5

Published

2022-07-28 00:52

Modified

2024-08-03 10:21

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m4	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.464Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:52:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36994",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36994",
      datePublished: "2022-07-28T00:52:07",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.464Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36988

Vulnerability from cvelistv5

Published

2022-07-28 00:55

Modified

2024-08-03 10:21

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.338Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:55:06",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36988",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36988",
      datePublished: "2022-07-28T00:55:06",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.338Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36997

Vulnerability from cvelistv5

Published

2022-07-28 00:50

Modified

2024-08-03 10:21

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h9	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.596Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 7.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:50:36",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36997",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36997",
      datePublished: "2022-07-28T00:50:36",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.596Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36986

Vulnerability from cvelistv5

Published

2022-07-28 00:56

Modified

2024-08-03 10:21

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.400Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.6,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:56:03",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36986",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36986",
      datePublished: "2022-07-28T00:56:03",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.400Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36991

Vulnerability from cvelistv5

Published

2022-07-28 00:53

Modified

2024-08-03 10:21

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h5	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.370Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:53:39",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36991",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36991",
      datePublished: "2022-07-28T00:53:39",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.370Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36990

Vulnerability from cvelistv5

Published

2022-07-28 00:54

Modified

2024-08-03 10:21

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#c2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.290Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.6,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:54:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36990",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36990",
      datePublished: "2022-07-28T00:54:19",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.290Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-37000

Vulnerability from cvelistv5

Published

2022-07-28 00:47

Modified

2024-08-03 10:21

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.491Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:47:45",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-37000",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-37000",
      datePublished: "2022-07-28T00:47:45",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.491Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36995

Vulnerability from cvelistv5

Published

2022-07-28 00:51

Modified

2024-08-03 10:21

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m5	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.371Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:51:31",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36995",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36995",
      datePublished: "2022-07-28T00:51:31",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.371Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36984

Vulnerability from cvelistv5

Published

2022-07-28 00:57

Modified

2024-08-03 10:21

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h8	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.609Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:57:02",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36984",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36984",
      datePublished: "2022-07-28T00:57:02",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.609Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36987

Vulnerability from cvelistv5

Published

2022-07-28 00:55

Modified

2024-08-03 10:21

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h4	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.387Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:55:34",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36987",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36987",
      datePublished: "2022-07-28T00:55:34",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.387Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-22965

Vulnerability from cvelistv5

Published

2022-04-01 22:17

Modified

2025-01-29 17:52

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

References

▼	URL	Tags
	https://tanzu.vmware.com/security/cve-2022-22965	x_refsource_MISC
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67	vendor-advisory, x_refsource_CISCO
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
	http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Spring Framework	Version: Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:28:42.725Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://www.kb.cert.org/vuls/id/970766",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://tanzu.vmware.com/security/cve-2022-22965",
               },
               {
                  name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-22965",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-29T17:52:10.886552Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-04-04",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22965",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-29T17:52:44.731Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Framework",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94: Improper Control of Generation of Code ('Code Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-25T16:46:59.000Z",
            orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            shortName: "vmware",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://tanzu.vmware.com/security/cve-2022-22965",
            },
            {
               name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@vmware.com",
               ID: "CVE-2022-22965",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Framework",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-94: Improper Control of Generation of Code ('Code Injection')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://tanzu.vmware.com/security/cve-2022-22965",
                     refsource: "MISC",
                     url: "https://tanzu.vmware.com/security/cve-2022-22965",
                  },
                  {
                     name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
                     refsource: "CISCO",
                     url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
                     refsource: "CONFIRM",
                     url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
                  },
                  {
                     name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
                     refsource: "CONFIRM",
                     url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2022.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d",
      assignerShortName: "vmware",
      cveId: "CVE-2022-22965",
      datePublished: "2022-04-01T22:17:30.000Z",
      dateReserved: "2022-01-10T00:00:00.000Z",
      dateUpdated: "2025-01-29T17:52:44.731Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36996

Vulnerability from cvelistv5

Published

2022-07-28 00:51

Modified

2024-08-03 10:21

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m6	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.439Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:51:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36996",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36996",
      datePublished: "2022-07-28T00:51:09",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.439Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36992

Vulnerability from cvelistv5

Published

2022-07-28 00:53

Modified

2024-08-03 10:21

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#c1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.445Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:53:07",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36992",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36992",
      datePublished: "2022-07-28T00:53:07",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36999

Vulnerability from cvelistv5

Published

2022-07-28 00:48

Modified

2024-08-03 10:21

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#m2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.317Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:48:49",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36999",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36999",
      datePublished: "2022-07-28T00:48:49",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.317Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36985

Vulnerability from cvelistv5

Published

2022-07-28 00:56

Modified

2024-08-03 10:21

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

References

▼	URL	Tags
	https://www.veritas.com/content/support/en_US/security/VTS22-004#h7	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:21:32.311Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-28T00:56:33",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-36985",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
                     refsource: "MISC",
                     url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-36985",
      datePublished: "2022-07-28T00:56:33",
      dateReserved: "2022-07-28T00:00:00",
      dateUpdated: "2024-08-03T10:21:32.311Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerabilites related to veritas - flex_appliance

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5