Vulnerabilites related to veritas - netbackup_appliance
cve-2017-8857
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98384 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:22.898Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", }, { name: "98384", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", }, { name: "98384", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98384", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8857", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", }, { name: "98384", refsource: "BID", url: "http://www.securityfocus.com/bid/98384", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8857", datePublished: "2017-05-09T21:00:00", dateReserved: "2017-05-09T00:00:00", dateUpdated: "2024-08-05T16:48:22.898Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6407
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96489 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037950", }, { name: "96489", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96489", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-14T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037950", }, { name: "96489", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96489", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6407", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", }, { name: "1037950", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037950", }, { name: "96489", refsource: "BID", url: "http://www.securityfocus.com/bid/96489", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6407", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.299Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9867
Vulnerability from cvelistv5
Published
2019-03-19 15:53
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107567 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:01:54.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", }, { name: "107567", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107567", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-26T11:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", }, { name: "107567", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107567", }, ], x_ConverterErrors: { cvssV3_0: { error: "CVSSV3_0 data from v4 record is invalid", message: "Missing mandatory metrics \"AV\"", }, }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9867", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.", }, ], }, impact: { cvss: { attackComplexity: "LOW", availabilityImpact: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/A:L/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", }, { name: "107567", refsource: "BID", url: "http://www.securityfocus.com/bid/107567", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9867", datePublished: "2019-03-19T15:53:29", dateReserved: "2019-03-19T00:00:00", dateUpdated: "2024-08-04T22:01:54.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6402
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96485 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96485", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96485", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96485", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96485", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6402", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96485", refsource: "BID", url: "http://www.securityfocus.com/bid/96485", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6402", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36989
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:54:43", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36989", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36989", datePublished: "2022-07-28T00:54:44", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.604Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8859
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98383 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:22.612Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98383", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98383", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "98383", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98383", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8859", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "98383", refsource: "BID", url: "http://www.securityfocus.com/bid/98383", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8859", datePublished: "2017-05-09T21:00:00", dateReserved: "2017-05-09T00:00:00", dateUpdated: "2024-08-05T16:48:22.612Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-37000
Vulnerability from cvelistv5
Published
2022-07-28 00:47
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.491Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:47:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-37000", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-37000", datePublished: "2022-07-28T00:47:45", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8856
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98379 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:22.844Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "98379", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "98379", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98379", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8856", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "98379", refsource: "BID", url: "http://www.securityfocus.com/bid/98379", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8856", datePublished: "2017-05-09T21:00:00", dateReserved: "2017-05-09T00:00:00", dateUpdated: "2024-08-05T16:48:22.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6550
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:22.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035704", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-26T00:00:00", descriptions: [ { lang: "en", value: "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", shortName: "symantec", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035704", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@symantec.com", ID: "CVE-2015-6550", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035704", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", assignerShortName: "symantec", cveId: "CVE-2015-6550", datePublished: "2016-05-07T14:00:00", dateReserved: "2015-08-21T00:00:00", dateUpdated: "2024-08-06T07:22:22.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6406
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96486 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96486", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96486", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96486", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96486", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6406", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96486", refsource: "BID", url: "http://www.securityfocus.com/bid/96486", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6406", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36996
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:51:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36996", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36996", datePublished: "2022-07-28T00:51:09", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-7399
Vulnerability from cvelistv5
Published
2017-01-04 21:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94384 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/support/en_US/article.000116055 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037555 | vdb-entry, x_refsource_SECTRACK | |
| https://www.veritas.com/content/support/en_US/security/VTS16-002.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T01:57:47.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", }, { name: "94384", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94384", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/support/en_US/article.000116055", }, { name: "1037555", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037555", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-10-05T00:00:00", descriptions: [ { lang: "en", value: "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-26T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", }, { name: "94384", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94384", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/support/en_US/article.000116055", }, { name: "1037555", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037555", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-7399", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", refsource: "MISC", url: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", }, { name: "94384", refsource: "BID", url: "http://www.securityfocus.com/bid/94384", }, { name: "https://www.veritas.com/support/en_US/article.000116055", refsource: "CONFIRM", url: "https://www.veritas.com/support/en_US/article.000116055", }, { name: "1037555", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037555", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-7399", datePublished: "2017-01-04T21:00:00", dateReserved: "2016-09-09T00:00:00", dateUpdated: "2024-08-06T01:57:47.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6399
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96490 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.252Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96490", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96490", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96490", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96490", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6399", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96490", refsource: "BID", url: "http://www.securityfocus.com/bid/96490", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6399", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.252Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6400
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96484 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96484", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96484", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96484", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96484", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6400", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96484", refsource: "BID", url: "http://www.securityfocus.com/bid/96484", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6400", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.275Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6401
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96493 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.245Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96493", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96493", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96493", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96493", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6401", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96493", refsource: "BID", url: "http://www.securityfocus.com/bid/96493", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6401", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.245Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36998
Vulnerability from cvelistv5
Published
2022-07-28 00:49
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.188Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:49:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36998", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36998", datePublished: "2022-07-28T00:49:24", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.188Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36997
Vulnerability from cvelistv5
Published
2022-07-28 00:50
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:50:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36997", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36997", datePublished: "2022-07-28T00:50:36", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.596Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36995
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.371Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:51:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36995", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36995", datePublished: "2022-07-28T00:51:31", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37237
Vulnerability from cvelistv5
Published
2023-06-29 00:00
Modified
2024-11-26 19:40
Severity ?
EPSS score ?
Summary
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:33.349Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-004", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37237", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-26T19:39:55.500455Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T19:40:11.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-29T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.veritas.com/content/support/en_US/security/VTS23-004", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37237", datePublished: "2023-06-29T00:00:00", dateReserved: "2023-06-29T00:00:00", dateUpdated: "2024-11-26T19:40:11.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-8858
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98381 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T16:48:22.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", }, { name: "98381", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/98381", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-05-09T00:00:00", descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-05-11T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", }, { name: "98381", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/98381", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-8858", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", }, { name: "98381", refsource: "BID", url: "http://www.securityfocus.com/bid/98381", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-8858", datePublished: "2017-05-09T21:00:00", dateReserved: "2017-05-09T00:00:00", dateUpdated: "2024-08-05T16:48:22.823Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6552
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:22.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035704", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-26T00:00:00", descriptions: [ { lang: "en", value: "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", shortName: "symantec", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035704", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@symantec.com", ID: "CVE-2015-6552", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035704", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", assignerShortName: "symantec", cveId: "CVE-2015-6552", datePublished: "2016-05-07T14:00:00", dateReserved: "2015-08-21T00:00:00", dateUpdated: "2024-08-06T07:22:22.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36992
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.445Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:53:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36992", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36992", datePublished: "2022-07-28T00:53:07", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.445Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28222
Vulnerability from cvelistv5
Published
2024-03-07 00:00
Modified
2024-11-15 19:13
Severity ?
EPSS score ?
Summary
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28222", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-07T19:03:09.659209Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-15T19:13:08.179Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:48:49.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-010", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-07T07:02:50.601713", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.veritas.com/content/support/en_US/security/VTS23-010", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-28222", datePublished: "2024-03-07T00:00:00", dateReserved: "2024-03-07T00:00:00", dateUpdated: "2024-11-15T19:13:08.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36993
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.590Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:52:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36993", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36993", datePublished: "2022-07-28T00:52:38", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.590Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6408
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96491 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037950", }, { name: "96491", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96491", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-14T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037950", }, { name: "96491", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96491", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6408", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", }, { name: "1037950", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037950", }, { name: "96491", refsource: "BID", url: "http://www.securityfocus.com/bid/96491", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6408", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36994
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.464Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:52:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36994", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36994", datePublished: "2022-07-28T00:52:07", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36986
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.400Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:56:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36986", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36986", datePublished: "2022-07-28T00:56:03", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.400Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6409
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96504 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96504", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96504", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037950", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-14T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96504", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96504", }, { name: "1037950", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037950", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6409", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96504", refsource: "BID", url: "http://www.securityfocus.com/bid/96504", }, { name: "1037950", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037950", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6409", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.279Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36987
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:55:34", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36987", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36987", datePublished: "2022-07-28T00:55:34", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2025-01-29 17:52
Severity ?
EPSS score ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2022-22965 | x_refsource_MISC | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 | vendor-advisory, x_refsource_CISCO | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Spring Framework |
Version: Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:28:42.725Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.kb.cert.org/vuls/id/970766", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-22965", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-29T17:52:10.886552Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-04-04", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22965", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2025-01-29T17:52:44.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Spring Framework", vendor: "n/a", versions: [ { status: "affected", version: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions", }, ], }, ], descriptions: [ { lang: "en", value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94: Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:46:59.000Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@vmware.com", ID: "CVE-2022-22965", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Spring Framework", version: { version_data: [ { version_value: "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-94: Improper Control of Generation of Code ('Code Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://tanzu.vmware.com/security/cve-2022-22965", refsource: "MISC", url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { name: "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", refsource: "CONFIRM", url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { name: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2022-22965", datePublished: "2022-04-01T22:17:30.000Z", dateReserved: "2022-01-10T00:00:00.000Z", dateUpdated: "2025-01-29T17:52:44.731Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6403
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96500 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.257Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96500", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96500", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96500", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96500", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96500", refsource: "BID", url: "http://www.securityfocus.com/bid/96500", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6403", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6404
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96494 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.259Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "96494", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "96494", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96494", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6404", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "96494", refsource: "BID", url: "http://www.securityfocus.com/bid/96494", }, { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6404", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36985
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:56:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36985", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36985", datePublished: "2022-07-28T00:56:33", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-18652
Vulnerability from cvelistv5
Published
2018-10-25 23:00
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS18-003.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105737 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:16:00.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", }, { name: "105737", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105737", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-25T00:00:00", descriptions: [ { lang: "en", value: "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-26T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", }, { name: "105737", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105737", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-18652", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", }, { name: "105737", refsource: "BID", url: "http://www.securityfocus.com/bid/105737", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-18652", datePublished: "2018-10-25T23:00:00", dateReserved: "2018-10-25T00:00:00", dateUpdated: "2024-08-05T11:16:00.134Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36988
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:55:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36988", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36988", datePublished: "2022-07-28T00:55:06", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9868
Vulnerability from cvelistv5
Published
2019-03-19 15:54
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107567 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:01:54.996Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", }, { name: "107567", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107567", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-26T11:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", }, { name: "107567", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107567", }, ], x_ConverterErrors: { cvssV3_0: { error: "CVSSV3_0 data from v4 record is invalid", message: "Missing mandatory metrics \"AV\"", }, }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9868", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.", }, ], }, impact: { cvss: { attackComplexity: "LOW", availabilityImpact: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/A:L/C:L/I:L/PR:H/S:C/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", }, { name: "107567", refsource: "BID", url: "http://www.securityfocus.com/bid/107567", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9868", datePublished: "2019-03-19T15:54:00", dateReserved: "2019-03-19T00:00:00", dateUpdated: "2024-08-04T22:01:54.996Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36991
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:53:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36991", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36991", datePublished: "2022-07-28T00:53:39", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.370Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36990
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:54:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36990", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36990", datePublished: "2022-07-28T00:54:19", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36984
Vulnerability from cvelistv5
Published
2022-07-28 00:57
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.609Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36984", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36984", datePublished: "2022-07-28T00:57:02", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-6551
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:22.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035704", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-26T00:00:00", descriptions: [ { lang: "en", value: "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-29T16:57:01", orgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", shortName: "symantec", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035704", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@symantec.com", ID: "CVE-2015-6551", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { name: "1035704", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035704", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "80d3bcb6-88de-48c2-a47e-aebf795f19b5", assignerShortName: "symantec", cveId: "CVE-2015-6551", datePublished: "2016-05-07T14:00:00", dateReserved: "2015-08-21T00:00:00", dateUpdated: "2024-08-06T07:22:22.172Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-36999
Vulnerability from cvelistv5
Published
2022-07-28 00:48
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:21:32.317Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-28T00:48:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-36999", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", refsource: "MISC", url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-36999", datePublished: "2022-07-28T00:48:49", dateReserved: "2022-07-28T00:00:00", dateUpdated: "2024-08-03T10:21:32.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-6405
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96488 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:25:49.242Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", }, { name: "96488", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/96488", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-03-01T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-03-06T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", }, { name: "96488", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/96488", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-6405", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", refsource: "CONFIRM", url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", }, { name: "96488", refsource: "BID", url: "http://www.securityfocus.com/bid/96488", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-6405", datePublished: "2017-03-02T06:00:00", dateReserved: "2017-03-01T00:00:00", dateUpdated: "2024-08-05T15:25:49.242Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup", }, ], id: "CVE-2022-36993", lastModified: "2024-11-21T07:14:14.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.007", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podría ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media", }, ], id: "CVE-2022-36988", lastModified: "2024-11-21T07:14:13.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.3, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.760", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*", matchCriteriaId: "6B8C34AB-3048-4751-8D54-3EA11B7BC205", versionEndIncluding: "7.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "08683091-39C7-434B-9DD7-1D4EE92A8AC5", versionEndIncluding: "7.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211", versionEndIncluding: "2.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado).", }, ], id: "CVE-2017-6399", lastModified: "2024-11-21T03:29:41.150", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.543", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96490", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegación de servicio", }, ], id: "CVE-2022-36997", lastModified: "2024-11-21T07:14:14.960", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.207", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podría escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario", }, ], id: "CVE-2022-36990", lastModified: "2024-11-21T07:14:13.793", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.6, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 5.8, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.857", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D99C75EB-3507-4704-A565-AB2CF5369A74", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EC406C50-6C2B-4160-890F-29DC444DC886", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "778FBECC-2C4C-45D5-A1E8-6678C541AA02", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "46E3145F-197D-4860-AF50-8970CC803BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A17E4E50-9D65-460F-8BE1-27A174A6254A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A5A861A3-FF48-47AD-BDE0-323E12CB7819", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7EC7B2BA-DC01-4611-921B-C8C94651F142", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B7002266-E3B0-4A96-BE09-741A30E74B40", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "04D8275D-EE04-4BF7-9482-AE75A2E21F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5C24158D-E922-4B07-8F67-58DD714346E5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "658F2C00-3B49-4011-9F83-62ED504F7476", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*", matchCriteriaId: "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A48563EA-D19E-4B62-8AE9-BE15D5EB8932", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E294AFF-E630-4A50-B3DE-E16AF3E595E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B9465004-79E0-46B0-B66A-48F3665ADA8E", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "EE8A0C61-6B44-4344-AFC9-834B5B653B58", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F92467E-E91F-464F-B8C0-8724E4DB83CB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*", matchCriteriaId: "ACD568CB-7839-4DD4-AA6C-E3F14D54477B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4356423A-17CF-4013-977B-F151BB5CC206", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EF9E0A06-0022-43B1-9DFD-025D4FB13055", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "40301990-E272-40C0-90B7-FCDA3B4B5CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "9163537F-6657-4758-A980-6CCC8283F51B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FAD0859E-A3D1-416B-B841-EB052CAF6CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "54A5CAC2-5DD8-4FAE-B661-32A0017A557A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D741998D-20C0-4627-BF23-023D6C341746", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "01F5DFE7-64AF-4228-A30A-340B7BAA86EE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6D479700-9A02-466B-A2CD-107F6EAF4AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E185B358-0805-4241-9960-23216974BEFD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5B672A9C-7549-4120-A966-D24090575506", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "E464653E-CFE4-4F9E-A021-DB16D9CE6046", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.", }, { lang: "es", value: "bpcd en Veritas NetBackup 7.x hasta la versión 7.5.0.7, 7.6.0.x hasta la versión 7.6.0.4, 7.6.1.x hasta la versión 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versión 2.5.4, 2.6.0.x hasta la versión 2.6.0.4, 2.6.1.x hasta la versión 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos ejecutar comandos arbitrarios a través de la entrada manipulada.", }, ], id: "CVE-2015-6550", lastModified: "2024-11-21T02:35:12.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-07T14:59:00.163", references: [ { source: "secure@symantec.com", url: "http://www.securitytracker.com/id/1035704", }, { source: "secure@symantec.com", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, ], sourceIdentifier: "secure@symantec.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98383 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98383 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * | |
| veritas | netbackup_appliance | 2.7.3 | |
| veritas | netbackup_appliance | 3.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "CD3168C4-243B-459F-AA39-CEA541794568", versionEndIncluding: "2.7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.7.3:*:*:*:*:*:*:*", matchCriteriaId: "DF0E6D10-050E-4626-8E3B-AB15E8FA11FE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.0:*:*:*:*:*:*:*", matchCriteriaId: "7B5A6E8A-0836-442A-B90E-98DF559E34FF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.", }, { lang: "es", value: "En Veritas NetBackup Appliance 3.0 y anteriores, los usuarios no autenticados pueden ejecutar comandos arbitrarios como root.", }, ], id: "CVE-2017-8859", lastModified: "2024-11-21T03:34:51.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-09T21:29:00.817", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98383", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98383", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría crear arbitrariamente directorios en un servidor primario de NetBackup", }, ], id: "CVE-2022-36995", lastModified: "2024-11-21T07:14:14.633", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.107", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*", matchCriteriaId: "6B8C34AB-3048-4751-8D54-3EA11B7BC205", versionEndIncluding: "7.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "08683091-39C7-434B-9DD7-1D4EE92A8AC5", versionEndIncluding: "7.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211", versionEndIncluding: "2.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución privilegiada de comandos en NetBackup Server y Client (en el sistema local).", }, ], id: "CVE-2017-6400", lastModified: "2024-11-21T03:29:41.297", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.573", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96484", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podría leer remotamente archivos en un servidor primario de NetBackup", }, ], id: "CVE-2022-37000", lastModified: "2024-11-21T07:14:15.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.370", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2025-01-29 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
Impacted products
{ cisaActionDue: "2022-04-25", cisaExploitAdd: "2022-04-04", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Spring Framework JDK 9+ Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "7417ECB4-3391-4273-9DAF-C9C82220CEA8", versionEndExcluding: "5.2.20", vulnerable: true, }, { criteria: "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "5049322E-FFAA-4CAA-B794-63539EA4E6D7", versionEndExcluding: "5.3.18", versionStartIncluding: "5.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*", matchCriteriaId: "19F22333-401B-4DB1-A63D-622FA54C2BA9", versionStartIncluding: "9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*", matchCriteriaId: "0DA44823-E5F1-4922-BCCA-13BEB49C017B", versionEndExcluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A4CA84D6-F312-4C29-A02B-050FCB7A902B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "2DF6C109-E3D3-431C-8101-2FF88763CF5A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "DAAB7154-4DE8-4806-86D0-C1D33B84417B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B5BB2213-08E7-497F-B672-556FD682D122", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "E24426EE-6A3F-413E-A70A-FB98CCD007A1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "C2A5B24D-BDF2-423C-98EA-A40778C01A05", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "B61A7946-F554-44A9-9E41-86114E4B4914", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "3AA09838-BF13-46AC-BB97-A69F48B73A8A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "D163AA57-1D66-4FBF-A8BB-F13E56E5C489", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D6577F14-36B6-46A5-A1B1-FCCADA61A23B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "B4367D9B-BF81-47AD-A840-AC46317C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0425918A-03F1-4541-BDEF-55B03E07E115", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", matchCriteriaId: "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "D235B299-9A0E-44FF-84F1-2FFBC070A21D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", matchCriteriaId: "C6EAA723-2A23-4151-930B-86ACF9CC1C0C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3C2E50B0-64B6-4696-9213-F5D9016058A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "02AEDB9F-1040-4840-ACB6-8BF299886ACB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "172BECE8-9626-4910-AAA1-A2FA9C7139E3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A4B3A10E-70A8-4332-8567-06AE2C45D3C6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "059F0D4E-B007-4986-AB95-89F11147CB2B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*", matchCriteriaId: "44563108-AD89-49A0-9FA5-7DE5A5601D2C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", matchCriteriaId: "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "078AEFC0-96DA-4F50-BE8E-8360718103A5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", matchCriteriaId: "7ECCD8C1-C055-4958-A613-B6D1609687F1", versionEndExcluding: "8.0.29", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", matchCriteriaId: "7F978162-CB2C-4166-947A-9048C6E878BC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8AB16F34-D561-498F-A8C3-A24A47BCEBC9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", matchCriteriaId: "77E39D5C-5EFA-4FEB-909E-0A92004F2563", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", matchCriteriaId: "06816711-7C49-47B9-A9D7-FB18CC3F42F2", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "435B691D-C763-4692-A46A-3422FA821ACF", versionEndExcluding: "2.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", matchCriteriaId: "26CDB573-611F-403C-9E9F-2A929B7B9602", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", matchCriteriaId: "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", matchCriteriaId: "2605B356-2BDE-45B2-AAB3-55236E163588", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*", matchCriteriaId: "26CDB573-611F-403C-9E9F-2A929B7B9602", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*", matchCriteriaId: "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*", matchCriteriaId: "2605B356-2BDE-45B2-AAB3-55236E163588", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "66B1DC73-8B4C-418B-96A7-17C35E9164CE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*", matchCriteriaId: "48E6CF01-79F1-4E56-BB3C-02AE544876E4", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "62D12B2A-0167-4010-888E-30BB96DBA3F4", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "F91A353F-6BEE-423E-BB6A-413C2C03D313", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "C3F72DF7-C2C6-4009-82D8-462714D80DF5", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "ED4BC39F-2A18-4F2D-B5A6-A1590D220611", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "63459D69-EC29-49A6-9577-A48B63C63063", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "7B20A490-3398-4B36-9630-98CADC801E9E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*", matchCriteriaId: "435B691D-C763-4692-A46A-3422FA821ACF", versionEndExcluding: "2.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*", matchCriteriaId: "D035FB7D-36A5-439E-9992-DE255F020AB5", versionEndExcluding: "1.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*", matchCriteriaId: "0D14E8FC-464B-414D-AE56-C20FF46E25FB", versionEndExcluding: "1.0.3", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*", matchCriteriaId: "83E77D85-0AE8-41D6-AC0C-983A8B73C831", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*", matchCriteriaId: "02B28A44-3708-480D-9D6D-DDF8C21A15EC", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*", matchCriteriaId: "9772EE3F-FFC5-4611-AD9A-8AD8304291BB", vulnerable: true, }, { criteria: "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*", matchCriteriaId: "CF524892-278F-4373-A8A3-02A30FA1AFF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", matchCriteriaId: "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", matchCriteriaId: "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "3486C85C-57BC-433F-941C-E81539DA5C1D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*", matchCriteriaId: "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", matchCriteriaId: "36E16AEF-ACEB-413C-888C-8D250F65C180", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*", matchCriteriaId: "9EFAEA84-E376-40A2-8C9F-3E0676FEC527", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6B042849-7EF5-4A5F-B6CD-712C0B8735BF", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "7435071D-0C95-4686-A978-AFC4C9A0D0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", matchCriteriaId: "8CFCE558-9972-46A2-8539-C16044F1BAA9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "822A3C37-86F2-4E91-BE91-2A859F983941", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "BD311C33-A309-44D5-BBFB-539D72C7F8C4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*", matchCriteriaId: "F8383028-B719-41FD-9B6A-71F8EB4C5F8D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", matchCriteriaId: "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F14A818F-AA16-4438-A3E4-E64C9287AC66", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "04BCDC24-4A21-473C-8733-0D9CFB38A752", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.", }, { lang: "es", value: "Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. La explotación específica requiere que la aplicación sea ejecutada en Tomcat como un despliegue WAR. Si la aplicación es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotación. Sin embargo, la naturaleza de la vulnerabilidad es más general, y puede haber otras formas de explotarla", }, ], id: "CVE-2022-22965", lastModified: "2025-01-29T18:15:44.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-04-01T23:15:13.870", references: [ { source: "security@vmware.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, { source: "security@vmware.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { source: "security@vmware.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "security@vmware.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://tanzu.vmware.com/security/cve-2022-22965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.kb.cert.org/vuls/id/970766", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@vmware.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-29 02:15
Modified
2024-11-21 08:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * | |
| veritas | netbackup_appliance | 4.1.0.1 | |
| veritas | netbackup_appliance | 4.1.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:h:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "D589E780-BF4D-4805-A4D6-DE7361D97053", versionEndExcluding: "4.1.0.1", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.", }, ], id: "CVE-2023-37237", lastModified: "2024-11-21T08:11:16.713", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.2, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-29T02:15:16.207", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-004", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "08683091-39C7-434B-9DD7-1D4EE92A8AC5", versionEndIncluding: "7.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211", versionEndIncluding: "2.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado).", }, ], id: "CVE-2017-6407", lastModified: "2024-11-21T03:29:42.323", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:01.073", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96489", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037950", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96489", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "1272E627-0991-41B8-9FF3-595A0F287563", versionEndIncluding: "3.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.", }, { lang: "es", value: "Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña del servidor proxy se muestra a un administrador.", }, ], id: "CVE-2019-9867", lastModified: "2024-11-21T04:52:28.357", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-21T16:01:17.423", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/107567", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/107567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D99C75EB-3507-4704-A565-AB2CF5369A74", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EC406C50-6C2B-4160-890F-29DC444DC886", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "778FBECC-2C4C-45D5-A1E8-6678C541AA02", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "46E3145F-197D-4860-AF50-8970CC803BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A17E4E50-9D65-460F-8BE1-27A174A6254A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A5A861A3-FF48-47AD-BDE0-323E12CB7819", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7EC7B2BA-DC01-4611-921B-C8C94651F142", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B7002266-E3B0-4A96-BE09-741A30E74B40", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "04D8275D-EE04-4BF7-9482-AE75A2E21F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5C24158D-E922-4B07-8F67-58DD714346E5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "658F2C00-3B49-4011-9F83-62ED504F7476", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*", matchCriteriaId: "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A48563EA-D19E-4B62-8AE9-BE15D5EB8932", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E294AFF-E630-4A50-B3DE-E16AF3E595E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B9465004-79E0-46B0-B66A-48F3665ADA8E", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "EE8A0C61-6B44-4344-AFC9-834B5B653B58", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F92467E-E91F-464F-B8C0-8724E4DB83CB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*", matchCriteriaId: "ACD568CB-7839-4DD4-AA6C-E3F14D54477B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4356423A-17CF-4013-977B-F151BB5CC206", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EF9E0A06-0022-43B1-9DFD-025D4FB13055", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "40301990-E272-40C0-90B7-FCDA3B4B5CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "9163537F-6657-4758-A980-6CCC8283F51B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FAD0859E-A3D1-416B-B841-EB052CAF6CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "54A5CAC2-5DD8-4FAE-B661-32A0017A557A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D741998D-20C0-4627-BF23-023D6C341746", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "01F5DFE7-64AF-4228-A30A-340B7BAA86EE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6D479700-9A02-466B-A2CD-107F6EAF4AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E185B358-0805-4241-9960-23216974BEFD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5B672A9C-7549-4120-A966-D24090575506", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "E464653E-CFE4-4F9E-A021-DB16D9CE6046", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.", }, { lang: "es", value: "La implementación del protocolo management-services en Veritas NetBackup 7.x hasta la versión 7.5.0.7, 7.6.0.x hasta la versión 7.6.0.4, 7.6.1.x hasta la versión 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versión 2.5.4, 2.6.0.x hasta la versión 2.6.0.4, 2.6.1.x hasta la versión 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos hacer llamadas RPC arbitrarias a través de vectores no especificados.", }, ], id: "CVE-2015-6552", lastModified: "2024-11-21T02:35:12.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-07T14:59:02.570", references: [ { source: "secure@symantec.com", url: "http://www.securitytracker.com/id/1035704", }, { source: "secure@symantec.com", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, ], sourceIdentifier: "secure@symantec.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un ataque de denegación de servicio contra un servidor primario de NetBackup", }, ], id: "CVE-2022-36984", lastModified: "2024-11-21T07:14:12.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.543", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podría escalar potencialmente sus privilegios", }, ], id: "CVE-2022-36985", lastModified: "2024-11-21T07:14:12.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.607", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup", }, ], id: "CVE-2022-36986", lastModified: "2024-11-21T07:14:13.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.657", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contraseña codificados.", }, ], id: "CVE-2017-6403", lastModified: "2024-11-21T03:29:41.727", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.667", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96500", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones específicas de notificación)", }, ], id: "CVE-2022-36992", lastModified: "2024-11-21T07:14:14.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.957", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-07 07:15
Modified
2025-01-21 18:29
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "D81021D3-72DC-40DC-A23D-093A5AEAC7AC", versionEndExcluding: "8.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "01ED9403-EFD3-4B6B-92C0-CA9A5261B643", versionEndExcluding: "3.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.", }, { lang: "es", value: "En Veritas NetBackup anterior a 8.1.2 y NetBackup Appliance anterior a 3.1.2, el proceso BPCD valida inadecuadamente la ruta del archivo, lo que permite que un atacante no autenticado cargue y ejecute un archivo personalizado.", }, ], id: "CVE-2024-28222", lastModified: "2025-01-21T18:29:18.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-07T07:15:08.377", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS23-010", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*", matchCriteriaId: "6B8C34AB-3048-4751-8D54-3EA11B7BC205", versionEndIncluding: "7.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "08683091-39C7-434B-9DD7-1D4EE92A8AC5", versionEndIncluding: "7.7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211", versionEndIncluding: "2.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución arbitraria de comandos privilegiados, usando el escape del directorio de lista blanca con subcadenas \"../\".", }, ], id: "CVE-2017-6406", lastModified: "2024-11-21T03:29:42.173", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2, impactScore: 6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.980", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96486", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96486", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podría leer remotamente archivos en un servidor primario de NetBackup", }, ], id: "CVE-2022-36999", lastModified: "2024-11-21T07:14:15.287", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.307", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host está abierta a la suplantación de DNS.", }, ], id: "CVE-2017-6405", lastModified: "2024-11-21T03:29:42.023", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.870", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96488", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96488", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-290", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.", }, { lang: "es", value: "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores, hay una ejecución de comandos remotos arbitrarios no autenticados utilizando el proceso 'bprd'.", }, ], id: "CVE-2017-8856", lastModified: "2024-11-21T03:34:51.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-09T21:29:00.723", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98379", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D99C75EB-3507-4704-A565-AB2CF5369A74", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EC406C50-6C2B-4160-890F-29DC444DC886", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "778FBECC-2C4C-45D5-A1E8-6678C541AA02", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "46E3145F-197D-4860-AF50-8970CC803BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A17E4E50-9D65-460F-8BE1-27A174A6254A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A5A861A3-FF48-47AD-BDE0-323E12CB7819", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7EC7B2BA-DC01-4611-921B-C8C94651F142", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*", matchCriteriaId: "B7002266-E3B0-4A96-BE09-741A30E74B40", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*", matchCriteriaId: "04D8275D-EE04-4BF7-9482-AE75A2E21F0A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5C24158D-E922-4B07-8F67-58DD714346E5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*", matchCriteriaId: "658F2C00-3B49-4011-9F83-62ED504F7476", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*", matchCriteriaId: "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A48563EA-D19E-4B62-8AE9-BE15D5EB8932", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6E294AFF-E630-4A50-B3DE-E16AF3E595E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B9465004-79E0-46B0-B66A-48F3665ADA8E", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "EE8A0C61-6B44-4344-AFC9-834B5B653B58", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "1F92467E-E91F-464F-B8C0-8724E4DB83CB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*", matchCriteriaId: "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*", matchCriteriaId: "ACD568CB-7839-4DD4-AA6C-E3F14D54477B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4356423A-17CF-4013-977B-F151BB5CC206", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "EF9E0A06-0022-43B1-9DFD-025D4FB13055", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "40301990-E272-40C0-90B7-FCDA3B4B5CD3", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "9163537F-6657-4758-A980-6CCC8283F51B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FAD0859E-A3D1-416B-B841-EB052CAF6CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*", matchCriteriaId: "54A5CAC2-5DD8-4FAE-B661-32A0017A557A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*", matchCriteriaId: "D741998D-20C0-4627-BF23-023D6C341746", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "01F5DFE7-64AF-4228-A30A-340B7BAA86EE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "6D479700-9A02-466B-A2CD-107F6EAF4AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "E185B358-0805-4241-9960-23216974BEFD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "5B672A9C-7549-4120-A966-D24090575506", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "E464653E-CFE4-4F9E-A021-DB16D9CE6046", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*", matchCriteriaId: "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.", }, { lang: "es", value: "Veritas NetBackup 7.x hasta la versión 7.5.0.7 y 7.6.0.x hasta la versión 7.6.0.4 y NetBackup Appliance hasta la versión 2.5.4 y 2.6.0.x hasta la versión 2.6.0.4 no utilizan TLS para el tráfico de la consola de administración al servidor NBU, lo que permite a atacantes remotos obtener información sensible husmeando la red en busca de paquetes de intercambio de clave.", }, ], id: "CVE-2015-6551", lastModified: "2024-11-21T02:35:12.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-07T14:59:01.197", references: [ { source: "secure@symantec.com", url: "http://www.securitytracker.com/id/1035704", }, { source: "secure@symantec.com", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-001.html", }, ], sourceIdentifier: "secure@symantec.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.", }, { lang: "es", value: "Veritas NetBackup 8.0 y anteriores y NetBackup Appliance 3.0 y anteriores están afectadas por una copia de archivos sin autenticación y ejecución de comandos de forma arbitraria a través del proceso 'bprd'.", }, ], id: "CVE-2017-8857", lastModified: "2024-11-21T03:34:51.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-09T21:29:00.753", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98384", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-25 23:29
Modified
2024-11-21 03:56
Severity ?
Summary
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105737 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS18-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105737 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS18-003.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "01ED9403-EFD3-4B6B-92C0-CA9A5261B643", versionEndExcluding: "3.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.", }, { lang: "es", value: "Una vulnerabilidad de ejecución remota de comandos en Veritas NetBackup Appliance en versiones anteriores a la 3.1.2 permite que administradores autenticados ejecuten comandos arbitrarios como root. El problema viene provocado por el filtrado insuficiente de entradas proporcionadas por el usuario.", }, ], id: "CVE-2018-18652", lastModified: "2024-11-21T03:56:18.653", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-25T23:29:00.233", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105737", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105737", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS18-003.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "1272E627-0991-41B8-9FF3-595A0F287563", versionEndIncluding: "3.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.", }, { lang: "es", value: "Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña SMTP se muestra a un administrador.", }, ], id: "CVE-2019-9868", lastModified: "2024-11-21T04:52:28.493", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-21T16:01:17.453", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/107567", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securityfocus.com/bid/107567", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-04 21:59
Modified
2024-11-21 02:57
Severity ?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance_firmware | 2.6.0.0 | |
| veritas | netbackup_appliance_firmware | 2.6.0.1 | |
| veritas | netbackup_appliance_firmware | 2.6.0.2 | |
| veritas | netbackup_appliance_firmware | 2.6.0.3 | |
| veritas | netbackup_appliance_firmware | 2.6.0.4 | |
| veritas | netbackup_appliance_firmware | 2.6.1.0 | |
| veritas | netbackup_appliance_firmware | 2.6.1.1 | |
| veritas | netbackup_appliance_firmware | 2.6.1.2 | |
| veritas | netbackup_appliance_firmware | 2.7.0.0 | |
| veritas | netbackup_appliance_firmware | 2.7.1.0 | |
| veritas | netbackup_appliance_firmware | 2.7.2.0 | |
| veritas | netbackup_appliance_firmware | 3.0.0.0 | |
| veritas | netbackup_appliance | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*", matchCriteriaId: "9951CD9C-FDCD-473C-8845-BF8740FF17E1", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6F1E8778-5FAD-4A5D-B971-41BCEAB48111", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E992D4D8-0988-481D-A4E4-D83CBDAF255B", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "EF131673-40A6-467D-ADCD-A0459506F7C6", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B2AAD875-623A-4750-AB97-25614C96C11C", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.0:*:*:*:*:*:*:*", matchCriteriaId: "3921C874-5ACE-4E88-85D8-26EC92A18A07", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.1:*:*:*:*:*:*:*", matchCriteriaId: "F6B5269B-F024-4B41-ACD7-C3E26CA788DE", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.2:*:*:*:*:*:*:*", matchCriteriaId: "DCA7E592-8559-4FFA-8C2A-C40645440972", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8C4B34F4-C7D9-44DA-888B-9B639B98FD33", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.1.0:*:*:*:*:*:*:*", matchCriteriaId: "BC47BBE6-CC4F-4397-AFCB-8C0A85DD94BF", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E3E293FC-C35D-45BA-8362-39A6094A9421", vulnerable: true, }, { criteria: "cpe:2.3:o:veritas:netbackup_appliance_firmware:3.0.0.0:*:*:*:*:*:*:*", matchCriteriaId: "900F4AA3-5B6E-4F36-8EF4-ED99DA595092", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:veritas:netbackup_appliance:-:*:*:*:*:*:*:*", matchCriteriaId: "D27385F9-2E4C-4046-BAC3-45DEFE1926ED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.", }, { lang: "es", value: "scripts/license.pl en Veritas NetBackup Appliance 2.6.0.x hasta la versión 2.6.0.4, 2.6.1.x hasta la versión 2.6.1.2, 2.7.x hasta la versión 2.7.3 y 3.0.x permiten a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro hostName a appliancews/getLicense.", }, ], id: "CVE-2016-7399", lastModified: "2024-11-21T02:57:55.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-04T21:59:00.167", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94384", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037555", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/support/en_US/article.000116055", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94384", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037555", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/support/en_US/article.000116055", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un desbordamiento del búfer basado en la pila en el servidor primario de NetBackup, resultando en una denegación de servicio", }, ], id: "CVE-2022-36998", lastModified: "2024-11-21T07:14:15.127", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.257", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado.", }, ], id: "CVE-2017-6409", lastModified: "2024-11-21T03:29:42.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:01.153", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96504", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037950", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*", matchCriteriaId: "A22BA0AF-70FB-4948-B047-E62EA64EFFC5", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podría recopilar de forma remota información sobre cualquier host conocido por un servidor primario de NetBackup", }, ], id: "CVE-2022-36996", lastModified: "2024-11-21T07:14:14.793", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.157", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podría escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup", }, ], id: "CVE-2022-36991", lastModified: "2024-11-21T07:14:13.963", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.907", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría leer arbitrariamente archivos de un servidor primario de NetBackup", }, ], id: "CVE-2022-36994", lastModified: "2024-11-21T07:14:14.463", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:18.053", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir una condición de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos.", }, ], id: "CVE-2017-6408", lastModified: "2024-11-21T03:29:42.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:01.120", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96491", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1037950", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1037950", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría escribir arbitrariamente archivos en un servidor primario de NetBackup", }, ], id: "CVE-2022-36987", lastModified: "2024-11-21T07:14:13.280", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.707", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.", }, { lang: "es", value: "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y anteriores, existe una escritura con privilegios remota de archivos no autenticada utilizando el proceso 'bprd'.", }, ], id: "CVE-2017-8858", lastModified: "2024-11-21T03:34:51.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-09T21:29:00.787", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98381", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/98381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "3C62C533-7F68-42EB-B10F-7758EEBB4731", versionEndIncluding: "7.6.1.2", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "09A5F0E3-7DE8-49B2-9836-CF442BBD5E54", versionEndIncluding: "2.6.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7 y NetBackup Appliance en versiones anteriores a 2.7. Existen archivos de registro de escritura universal, permitiendo la destrucción o suplantación de datos de registro.", }, ], id: "CVE-2017-6404", lastModified: "2024-11-21T03:29:41.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.793", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96494", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*", matchCriteriaId: "025BC427-C1D3-4888-8585-EE5EF288AE86", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*", matchCriteriaId: "E18698DE-9043-4AA0-B798-51C0B4CACBAD", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CE9674B-4528-4168-B09A-DBAA48622307", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "9810D40F-FF25-495F-80A4-7A8D8679FA33", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "02B3BC5A-97E2-4295-9EA3-62D29E579E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*", matchCriteriaId: "EC18FEAF-65B4-4F56-A703-21DF9B969B0B", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*", matchCriteriaId: "0BDD5695-9235-4592-9B8A-A90BE7762F90", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*", matchCriteriaId: "20EF9FB3-5862-4C85-A082-5903E9619A01", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*", matchCriteriaId: "48682500-A4CC-417A-AE87-254A38E9A837", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*", matchCriteriaId: "F28926F3-D951-40EC-A383-27038FF62D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*", matchCriteriaId: "3678D77D-D641-47C6-92BA-FE124D645F47", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*", matchCriteriaId: "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "06FB11BA-21B8-4AF5-8E06-A03A148380A0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F903AD8B-FCF5-4287-828C-AB19C69C00FB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*", matchCriteriaId: "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*", matchCriteriaId: "0B23C8C3-3385-435D-861E-F1EEFD382C6F", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*", matchCriteriaId: "8797A64D-D4EA-45F4-911E-3F5794979FBB", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "26A3CE2C-544C-4785-B879-6C4E0A594FFE", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "070A8292-8AA8-45B0-BD12-174071C142ED", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*", matchCriteriaId: "DA05618C-73DD-4A02-AF1B-90C5D968C881", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*", matchCriteriaId: "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8EDC739-0410-45C6-9628-EC833AC7400E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "0D532AFE-824C-4002-AD4E-431F83911D27", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "C9CD8205-281F-4ABD-BF1D-EB97090B3755", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "0DD01222-0F16-48D3-842A-C07377C0872F", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "3ED514C2-AEDD-4071-A145-5D281C789703", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "BF2D4F61-2307-4A29-B620-E811E7642E66", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "CF307131-DB9A-41CA-9990-EAAF56B671DB", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "42554066-06A0-44EF-8911-5982A4033E00", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*", matchCriteriaId: "F2762443-9B5B-4675-84B3-21A60385F86E", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*", matchCriteriaId: "6256AE6A-34BF-417A-BAB9-8889457BA31B", vulnerable: true, }, { criteria: "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*", matchCriteriaId: "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.", }, { lang: "es", value: "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup", }, ], id: "CVE-2022-36989", lastModified: "2024-11-21T07:14:13.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-28T01:15:17.810", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. Puede ocurrir ejecución local arbitraria de comandos cuando se utiliza bpcd y bpnbat.", }, ], id: "CVE-2017-6401", lastModified: "2024-11-21T03:29:41.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.590", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96493", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", matchCriteriaId: "22ACFAB5-377D-43E5-9991-5587B7829263", versionEndIncluding: "8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.", }, { lang: "es", value: "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir la denegación de servicio que afecte al servidor NetBackup.", }, ], id: "CVE-2017-6402", lastModified: "2024-11-21T03:29:41.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-03-02T06:59:00.620", references: [ { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/96485", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/96485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }