All the vulnerabilites related to veritas - flex_appliance
cve-2022-36997
Vulnerability from cvelistv5
Published
2022-07-28 00:50
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:50:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36997",
"datePublished": "2022-07-28T00:50:36",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36992
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36992",
"datePublished": "2022-07-28T00:53:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36990
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36990",
"datePublished": "2022-07-28T00:54:19",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36995
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36995",
"datePublished": "2022-07-28T00:51:31",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36991
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36991",
"datePublished": "2022-07-28T00:53:39",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36998
Vulnerability from cvelistv5
Published
2022-07-28 00:49
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:49:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36998",
"datePublished": "2022-07-28T00:49:24",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36986
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36986",
"datePublished": "2022-07-28T00:56:03",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2022-22965 | x_refsource_MISC | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 | vendor-advisory, x_refsource_CISCO | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Spring Framework |
Version: Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:46:59",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22965",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"name": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22965",
"datePublished": "2022-04-01T22:17:30",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36985
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36985",
"datePublished": "2022-07-28T00:56:33",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36999
Vulnerability from cvelistv5
Published
2022-07-28 00:48
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:48:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36999",
"datePublished": "2022-07-28T00:48:49",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36996
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36996",
"datePublished": "2022-07-28T00:51:09",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37000
Vulnerability from cvelistv5
Published
2022-07-28 00:47
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:47:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37000",
"datePublished": "2022-07-28T00:47:45",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18780
Vulnerability from cvelistv5
Published
2019-11-05 19:05
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-003 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-004 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-005 | x_refsource_MISC | |
| https://www.veritas.com/content/support/en_US/security/VTS19-006 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T19:05:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-003",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-004",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-005",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-006",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18780",
"datePublished": "2019-11-05T19:05:17",
"dateReserved": "2019-11-05T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36989
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36989",
"datePublished": "2022-07-28T00:54:44",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36993
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36993",
"datePublished": "2022-07-28T00:52:38",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36988
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36988",
"datePublished": "2022-07-28T00:55:06",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36987
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36987",
"datePublished": "2022-07-28T00:55:34",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36994
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36994",
"datePublished": "2022-07-28T00:52:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36984
Vulnerability from cvelistv5
Published
2022-07-28 00:57
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36984",
"datePublished": "2022-07-28T00:57:02",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36989",
"lastModified": "2024-11-21T07:14:13.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podr\u00eda escalar potencialmente sus privilegios"
}
],
"id": "CVE-2022-36985",
"lastModified": "2024-11-21T07:14:12.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36991",
"lastModified": "2024-11-21T07:14:13.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer arbitrariamente archivos de un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36994",
"lastModified": "2024-11-21T07:14:14.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario"
}
],
"id": "CVE-2022-36990",
"lastModified": "2024-11-21T07:14:13.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36986",
"lastModified": "2024-11-21T07:14:13.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A22BA0AF-70FB-4948-B047-E62EA64EFFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podr\u00eda recopilar de forma remota informaci\u00f3n sobre cualquier host conocido por un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36996",
"lastModified": "2024-11-21T07:14:14.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda escribir arbitrariamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36987",
"lastModified": "2024-11-21T07:14:13.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:47
Severity ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
Impacted products
{
"cisaActionDue": "2022-04-25",
"cisaExploitAdd": "2022-04-04",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8",
"versionEndExcluding": "5.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5049322E-FFAA-4CAA-B794-63539EA4E6D7",
"versionEndExcluding": "5.3.18",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F22333-401B-4DB1-A63D-622FA54C2BA9",
"versionStartIncluding": "9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA44823-E5F1-4922-BCCA-13BEB49C017B",
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D163AA57-1D66-4FBF-A8BB-F13E56E5C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCD8C1-C055-4958-A613-B6D1609687F1",
"versionEndExcluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
"versionEndExcluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
"matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
"matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B1DC73-8B4C-418B-96A7-17C35E9164CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48E6CF01-79F1-4E56-BB3C-02AE544876E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62D12B2A-0167-4010-888E-30BB96DBA3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F91A353F-6BEE-423E-BB6A-413C2C03D313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F72DF7-C2C6-4009-82D8-462714D80DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "ED4BC39F-2A18-4F2D-B5A6-A1590D220611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "63459D69-EC29-49A6-9577-A48B63C63063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "7B20A490-3398-4B36-9630-98CADC801E9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
"versionEndExcluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D035FB7D-36A5-439E-9992-DE255F020AB5",
"versionEndExcluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D14E8FC-464B-414D-AE56-C20FF46E25FB",
"versionEndExcluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de una vinculaci\u00f3n de datos. La explotaci\u00f3n espec\u00edfica requiere que la aplicaci\u00f3n sea ejecutada en Tomcat como un despliegue WAR. Si la aplicaci\u00f3n es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotaci\u00f3n. Sin embargo, la naturaleza de la vulnerabilidad es m\u00e1s general, y puede haber otras formas de explotarla"
}
],
"id": "CVE-2022-22965",
"lastModified": "2024-11-21T06:47:42.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:13.870",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un desbordamiento del b\u00fafer basado en la pila en el servidor primario de NetBackup, resultando en una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36998",
"lastModified": "2024-11-21T07:14:15.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-37000",
"lastModified": "2024-11-21T07:14:15.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36997",
"lastModified": "2024-11-21T07:14:14.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36993",
"lastModified": "2024-11-21T07:14:14.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36999",
"lastModified": "2024-11-21T07:14:15.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-05 20:15
Modified
2024-11-21 04:33
Severity ?
Summary
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch, Vendor Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-004 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-005 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-006 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | access | * | |
| veritas | access_appliance | * | |
| veritas | flex_appliance | * | |
| veritas | infoscale | * | |
| veritas | infoscale | * | |
| veritas | cluster_server | * | |
| veritas | storage_foundation_ha | * | |
| microsoft | windows | - | |
| veritas | cluster_server | * | |
| veritas | storage_foundation_ha | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F929286-63B6-4D5A-9CF3-BF7E66201F90",
"versionEndIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "488CA659-F66A-43FC-BF89-4B7BECA8E1C8",
"versionEndIncluding": "7.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E22B14D-D236-486C-88A1-A105D4904F76",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BECF4C9-6701-4A85-B3BC-F4D50DE04E2A",
"versionEndIncluding": "7.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:infoscale:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C10DD22-65A6-4C8A-BB37-C30D41842C7D",
"versionEndIncluding": "7.4.1",
"versionStartIncluding": "7.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819C03F1-9596-4012-9722-F2B89202253E",
"versionEndIncluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E54C100-9BF4-4B7F-A2A5-B5671F267C7D",
"versionEndIncluding": "6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:cluster_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF04E40-59C2-409E-8C39-95D999C3B35A",
"versionEndIncluding": "6.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:storage_foundation_ha:*:*:*:*:*:*:*:*",
"matchCriteriaId": "313F7193-63CE-4A70-BC92-0A393126A0F8",
"versionEndIncluding": "6.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n de comandos arbitraria en el componente Cluster Server de Veritas InfoScale, permite a un atacante remoto no autenticado ejecutar comandos arbitrarios como root o administrador. Estos productos de Veritas est\u00e1n afectados: Access versi\u00f3n 7.4.2 y anteriores, Access Appliance versi\u00f3n 7.4.2 y anteriores, Flex Appliance versi\u00f3n 1.2 y anteriores, InfoScale versi\u00f3n 7.3.1 y anteriores, InfoScale versiones entre 7.4.0 y 7.4.1, Veritas Cluster Server (VCS) versi\u00f3n 6.2.1 y anteriores en Linux/UNIX, Veritas Cluster Server (VCS) versi\u00f3n 6.1 y anteriores en Windows, Storage Foundation HA (SFHA) versi\u00f3n 6.2.1 y anteriores en Linux/UNIX y Storage Foundation HA (SFHA) versi\u00f3n 6.1 y anteriores en Windows."
}
],
"id": "CVE-2019-18780",
"lastModified": "2024-11-21T04:33:33.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T20:15:11.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-006"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media"
}
],
"id": "CVE-2022-36988",
"lastModified": "2024-11-21T07:14:13.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones espec\u00edficas de notificaci\u00f3n)"
}
],
"id": "CVE-2022-36992",
"lastModified": "2024-11-21T07:14:14.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un ataque de denegaci\u00f3n de servicio contra un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36984",
"lastModified": "2024-11-21T07:14:12.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda crear arbitrariamente directorios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36995",
"lastModified": "2024-11-21T07:14:14.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}