All the vulnerabilites related to veritas - netbackup_appliance
cve-2022-36997
Vulnerability from cvelistv5
Published
2022-07-28 00:50
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:50:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36997",
"datePublished": "2022-07-28T00:50:36",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36992
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36992",
"datePublished": "2022-07-28T00:53:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36990
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36990",
"datePublished": "2022-07-28T00:54:19",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7399
Vulnerability from cvelistv5
Published
2017-01-04 21:00
Modified
2024-08-06 01:57
Severity ?
EPSS score ?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution | x_refsource_MISC | |
| http://www.securityfocus.com/bid/94384 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/support/en_US/article.000116055 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037555 | vdb-entry, x_refsource_SECTRACK | |
| https://www.veritas.com/content/support/en_US/security/VTS16-002.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution",
"refsource": "MISC",
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94384"
},
{
"name": "https://www.veritas.com/support/en_US/article.000116055",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7399",
"datePublished": "2017-01-04T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6407
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96489 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96489"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96489"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96489"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6407",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36998
Vulnerability from cvelistv5
Published
2022-07-28 00:49
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.188Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:49:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36998",
"datePublished": "2022-07-28T00:49:24",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36999
Vulnerability from cvelistv5
Published
2022-07-28 00:48
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:48:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36999",
"datePublished": "2022-07-28T00:48:49",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6405
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/96488 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"name": "96488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6405",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8859
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98383 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98383"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98383"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98383"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8859",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36991
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:53:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36991",
"datePublished": "2022-07-28T00:53:39",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9867
Vulnerability from cvelistv5
Published
2019-03-19 15:53
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107567 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2"
},
{
"name": "107567",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2"
},
{
"name": "107567",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107567"
}
],
"x_ConverterErrors": {
"cvssV3_0": {
"error": "CVSSV3_0 data from v4 record is invalid",
"message": "Missing mandatory metrics \"AV\""
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:L/C:L/I:L/PR:H/S:C/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2"
},
{
"name": "107567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107567"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9867",
"datePublished": "2019-03-19T15:53:29",
"dateReserved": "2019-03-19T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6408
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/96491 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "96491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6408",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36985
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36985",
"datePublished": "2022-07-28T00:56:33",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36996
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36996",
"datePublished": "2022-07-28T00:51:09",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-37000
Vulnerability from cvelistv5
Published
2022-07-28 00:47
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:47:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37000",
"datePublished": "2022-07-28T00:47:45",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36993
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:38",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36993",
"datePublished": "2022-07-28T00:52:38",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6400
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96484 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6400",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8856
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/98379 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98379",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "98379",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98379"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8856",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6399
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96490 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6399",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6552
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6552",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36988
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36988",
"datePublished": "2022-07-28T00:55:06",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-18652
Vulnerability from cvelistv5
Published
2018-10-25 23:00
Modified
2024-08-05 11:16
Severity ?
EPSS score ?
Summary
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS18-003.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/105737 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:16:00.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html"
},
{
"name": "105737",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html"
},
{
"name": "105737",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html"
},
{
"name": "105737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18652",
"datePublished": "2018-10-25T23:00:00",
"dateReserved": "2018-10-25T00:00:00",
"dateUpdated": "2024-08-05T11:16:00.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6403
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96500 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6403",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6551
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6551",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6409
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96504 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1037950 | vdb-entry, x_refsource_SECTRACK | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96504",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96504",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"name": "1037950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6409",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36995
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:51:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36995",
"datePublished": "2022-07-28T00:51:31",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6401
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96493 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96493"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96493"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6401",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.245Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36986
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:56:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36986",
"datePublished": "2022-07-28T00:56:03",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37237
Vulnerability from cvelistv5
Published
2023-06-29 00:00
Modified
2024-11-26 19:40
Severity ?
EPSS score ?
Summary
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-004"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37237",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T19:39:55.500455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T19:40:11.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:H/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-004"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37237",
"datePublished": "2023-06-29T00:00:00",
"dateReserved": "2023-06-29T00:00:00",
"dateUpdated": "2024-11-26T19:40:11.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6402
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96485 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96485",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96485"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96485",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96485"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6402",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 03:28
Severity ?
EPSS score ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://tanzu.vmware.com/security/cve-2022-22965 | x_refsource_MISC | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 | vendor-advisory, x_refsource_CISCO | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005 | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf | x_refsource_CONFIRM | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Spring Framework |
Version: Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:46:59",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_value": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22965",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"name": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22965",
"datePublished": "2022-04-01T22:17:30",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T03:28:42.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6406
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96486 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96486",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96486"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96486",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96486"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6406",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6550
Vulnerability from cvelistv5
Published
2016-05-07 14:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS16-001.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035704 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035704"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-6550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"name": "1035704",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035704"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2015-6550",
"datePublished": "2016-05-07T14:00:00",
"dateReserved": "2015-08-21T00:00:00",
"dateUpdated": "2024-08-06T07:22:22.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8857
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98384 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98384"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"name": "98384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98384"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8857",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6404
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/96494 | vdb-entry, x_refsource_BID | |
| https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:25:49.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "96494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6404",
"datePublished": "2017-03-02T06:00:00",
"dateReserved": "2017-03-01T00:00:00",
"dateUpdated": "2024-08-05T15:25:49.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36989
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:54:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36989",
"datePublished": "2022-07-28T00:54:44",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-8858
Vulnerability from cvelistv5
Published
2017-05-09 21:00
Modified
2024-08-05 16:48
Severity ?
EPSS score ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98381 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98381"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-11T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98381"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"name": "98381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98381"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8858",
"datePublished": "2017-05-09T21:00:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9868
Vulnerability from cvelistv5
Published
2019-03-19 15:54
Modified
2024-08-04 22:01
Severity ?
EPSS score ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107567 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:01:54.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1"
},
{
"name": "107567",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107567"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T11:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1"
},
{
"name": "107567",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107567"
}
],
"x_ConverterErrors": {
"cvssV3_0": {
"error": "CVSSV3_0 data from v4 record is invalid",
"message": "Missing mandatory metrics \"AV\""
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"availabilityImpact": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/A:L/C:L/I:L/PR:H/S:C/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1"
},
{
"name": "107567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107567"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9868",
"datePublished": "2019-03-19T15:54:00",
"dateReserved": "2019-03-19T00:00:00",
"dateUpdated": "2024-08-04T22:01:54.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36987
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:55:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36987",
"datePublished": "2022-07-28T00:55:34",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36994
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:52:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36994",
"datePublished": "2022-07-28T00:52:07",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36984
Vulnerability from cvelistv5
Published
2022-07-28 00:57
Modified
2024-08-03 10:21
Severity ?
EPSS score ?
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-28T00:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
"refsource": "MISC",
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36984",
"datePublished": "2022-07-28T00:57:02",
"dateReserved": "2022-07-28T00:00:00",
"dateUpdated": "2024-08-03T10:21:32.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podr\u00eda escalar potencialmente sus privilegios"
}
],
"id": "CVE-2022-36985",
"lastModified": "2024-11-21T07:14:12.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer arbitrariamente archivos de un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36994",
"lastModified": "2024-11-21T07:14:14.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36986",
"lastModified": "2024-11-21T07:14:13.090",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.657",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n privilegiada de comandos en NetBackup Server y Client (en el sistema local)."
}
],
"id": "CVE-2017-6400",
"lastModified": "2024-11-21T03:29:41.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.573",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets."
},
{
"lang": "es",
"value": "Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7 y 7.6.0.x hasta la versi\u00f3n 7.6.0.4 y NetBackup Appliance hasta la versi\u00f3n 2.5.4 y 2.6.0.x hasta la versi\u00f3n 2.6.0.4 no utilizan TLS para el tr\u00e1fico de la consola de administraci\u00f3n al servidor NBU, lo que permite a atacantes remotos obtener informaci\u00f3n sensible husmeando la red en busca de paquetes de intercambio de clave."
}
],
"id": "CVE-2015-6551",
"lastModified": "2024-11-21T02:35:12.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:01.197",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-25 23:29
Modified
2024-11-21 03:56
Severity ?
Summary
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105737 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS18-003.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105737 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS18-003.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01ED9403-EFD3-4B6B-92C0-CA9A5261B643",
"versionEndExcluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de comandos en Veritas NetBackup Appliance en versiones anteriores a la 3.1.2 permite que administradores autenticados ejecuten comandos arbitrarios como root. El problema viene provocado por el filtrado insuficiente de entradas proporcionadas por el usuario."
}
],
"id": "CVE-2018-18652",
"lastModified": "2024-11-21T03:56:18.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-25T23:29:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105737"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS18-003.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host est\u00e1 abierta a la suplantaci\u00f3n de DNS."
}
],
"id": "CVE-2017-6405",
"lastModified": "2024-11-21T03:29:42.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.870",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96488"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-29 02:15
Modified
2024-11-21 08:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * | |
| veritas | netbackup_appliance | 4.1.0.1 | |
| veritas | netbackup_appliance | 4.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D589E780-BF4D-4805-A4D6-DE7361D97053",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH."
}
],
"id": "CVE-2023-37237",
"lastModified": "2024-11-21T08:11:16.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-29T02:15:16.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del protocolo management-services en Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7, 7.6.0.x hasta la versi\u00f3n 7.6.0.4, 7.6.1.x hasta la versi\u00f3n 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versi\u00f3n 2.5.4, 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos hacer llamadas RPC arbitrarias a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-6552",
"lastModified": "2024-11-21T02:35:12.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:02.570",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contrase\u00f1a codificados."
}
],
"id": "CVE-2017-6403",
"lastModified": "2024-11-21T03:29:41.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.667",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un ataque de denegaci\u00f3n de servicio contra un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36984",
"lastModified": "2024-11-21T07:14:12.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.543",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir una condici\u00f3n de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos."
}
],
"id": "CVE-2017-6408",
"lastModified": "2024-11-21T03:29:42.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.120",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96491"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C62C533-7F68-42EB-B10F-7758EEBB4731",
"versionEndIncluding": "7.6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09A5F0E3-7DE8-49B2-9836-CF442BBD5E54",
"versionEndIncluding": "2.6.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7 y NetBackup Appliance en versiones anteriores a 2.7. Existen archivos de registro de escritura universal, permitiendo la destrucci\u00f3n o suplantaci\u00f3n de datos de registro."
}
],
"id": "CVE-2017-6404",
"lastModified": "2024-11-21T03:29:41.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.793",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m3 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un desbordamiento del b\u00fafer basado en la pila en el servidor primario de NetBackup, resultando en una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36998",
"lastModified": "2024-11-21T07:14:15.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.257",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1272E627-0991-41B8-9FF3-595A0F287563",
"versionEndIncluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versi\u00f3n 3.1.2. La contrase\u00f1a del servidor proxy se muestra a un administrador."
}
],
"id": "CVE-2019-9867",
"lastModified": "2024-11-21T04:52:28.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:17.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/107567"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/107567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:47
Severity ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
Impacted products
{
"cisaActionDue": "2022-04-25",
"cisaExploitAdd": "2022-04-04",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8",
"versionEndExcluding": "5.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5049322E-FFAA-4CAA-B794-63539EA4E6D7",
"versionEndExcluding": "5.3.18",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19F22333-401B-4DB1-A63D-622FA54C2BA9",
"versionStartIncluding": "9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA44823-E5F1-4922-BCCA-13BEB49C017B",
"versionEndExcluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D163AA57-1D66-4FBF-A8BB-F13E56E5C489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ECCD8C1-C055-4958-A613-B6D1609687F1",
"versionEndExcluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
"versionEndExcluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
"matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
"matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
"matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B1DC73-8B4C-418B-96A7-17C35E9164CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48E6CF01-79F1-4E56-BB3C-02AE544876E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62D12B2A-0167-4010-888E-30BB96DBA3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F91A353F-6BEE-423E-BB6A-413C2C03D313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3F72DF7-C2C6-4009-82D8-462714D80DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "ED4BC39F-2A18-4F2D-B5A6-A1590D220611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "63459D69-EC29-49A6-9577-A48B63C63063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "7B20A490-3398-4B36-9630-98CADC801E9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
"versionEndExcluding": "2.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D035FB7D-36A5-439E-9992-DE255F020AB5",
"versionEndExcluding": "1.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D14E8FC-464B-414D-AE56-C20FF46E25FB",
"versionEndExcluding": "1.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
"matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
},
{
"lang": "es",
"value": "Una aplicaci\u00f3n Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de una vinculaci\u00f3n de datos. La explotaci\u00f3n espec\u00edfica requiere que la aplicaci\u00f3n sea ejecutada en Tomcat como un despliegue WAR. Si la aplicaci\u00f3n es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotaci\u00f3n. Sin embargo, la naturaleza de la vulnerabilidad es m\u00e1s general, y puede haber otras formas de explotarla"
}
],
"id": "CVE-2022-22965",
"lastModified": "2024-11-21T06:47:42.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-01T23:15:13.870",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"source": "security@vmware.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@vmware.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/970766"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@vmware.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n arbitraria de comandos privilegiados, usando el escape del directorio de lista blanca con subcadenas \"../\"."
}
],
"id": "CVE-2017-6406",
"lastModified": "2024-11-21T03:29:42.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.980",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98379 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores, hay una ejecuci\u00f3n de comandos remotos arbitrarios no autenticados utilizando el proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8856",
"lastModified": "2024-11-21T03:34:51.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media"
}
],
"id": "CVE-2022-36988",
"lastModified": "2024-11-21T07:14:13.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."
}
],
"id": "CVE-2017-6407",
"lastModified": "2024-11-21T03:29:42.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.073",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96489"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones espec\u00edficas de notificaci\u00f3n)"
}
],
"id": "CVE-2022-36992",
"lastModified": "2024-11-21T07:14:14.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda crear arbitrariamente directorios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36995",
"lastModified": "2024-11-21T07:14:14.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.107",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado."
}
],
"id": "CVE-2017-6409",
"lastModified": "2024-11-21T03:29:42.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:01.153",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Severity ?
Summary
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107567 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1272E627-0991-41B8-9FF3-595A0F287563",
"versionEndIncluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versi\u00f3n 3.1.2. La contrase\u00f1a SMTP se muestra a un administrador."
}
],
"id": "CVE-2019-9868",
"lastModified": "2024-11-21T04:52:28.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-21T16:01:17.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/107567"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/107567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98384 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "Veritas NetBackup 8.0 y anteriores y NetBackup Appliance 3.0 y anteriores est\u00e1n afectadas por una copia de archivos sin autenticaci\u00f3n y ejecuci\u00f3n de comandos de forma arbitraria a trav\u00e9s del proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8857",
"lastModified": "2024-11-21T03:34:51.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98384"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8C34AB-3048-4751-8D54-3EA11B7BC205",
"versionEndIncluding": "7.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08683091-39C7-434B-9DD7-1D4EE92A8AC5",
"versionEndIncluding": "7.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2B28AB-46AF-4AAF-8F64-49FADA1E8211",
"versionEndIncluding": "2.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecuci\u00f3n remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."
}
],
"id": "CVE-2017-6399",
"lastModified": "2024-11-21T03:29:41.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.543",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-07 14:59
Modified
2024-11-21 02:35
Severity ?
Summary
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99C75EB-3507-4704-A565-AB2CF5369A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC406C50-6C2B-4160-890F-29DC444DC886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778FBECC-2C4C-45D5-A1E8-6678C541AA02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46E3145F-197D-4860-AF50-8970CC803BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A17E4E50-9D65-460F-8BE1-27A174A6254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A861A3-FF48-47AD-BDE0-323E12CB7819",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7EC7B2BA-DC01-4611-921B-C8C94651F142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B7002266-E3B0-4A96-BE09-741A30E74B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04D8275D-EE04-4BF7-9482-AE75A2E21F0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24158D-E922-4B07-8F67-58DD714346E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "658F2C00-3B49-4011-9F83-62ED504F7476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AE16FC2F-C5E8-43E5-A644-F4D5FF06B464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A48563EA-D19E-4B62-8AE9-BE15D5EB8932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6E294AFF-E630-4A50-B3DE-E16AF3E595E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9465004-79E0-46B0-B66A-48F3665ADA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8A0C61-6B44-4344-AFC9-834B5B653B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA84E2A3-6A57-4753-A6A6-61F6C4D817E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1F92467E-E91F-464F-B8C0-8724E4DB83CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9CE3B-72E9-4A37-8E42-5495AB4E8C33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD568CB-7839-4DD4-AA6C-E3F14D54477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4356423A-17CF-4013-977B-F151BB5CC206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B50CD5-C171-4E78-A22F-9B9ADFF505CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9E0A06-0022-43B1-9DFD-025D4FB13055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B3F9EB4-412C-4CC0-95FC-8C56F1AAD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F34BBD63-741B-4AAE-BFFE-7BAACFF1BCA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40301990-E272-40C0-90B7-FCDA3B4B5CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EAED7E07-8FFC-48AD-9D50-0D65ACEE1529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9163537F-6657-4758-A980-6CCC8283F51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD0859E-A3D1-416B-B841-EB052CAF6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A5CAC2-5DD8-4FAE-B661-32A0017A557A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D741998D-20C0-4627-BF23-023D6C341746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01F5DFE7-64AF-4228-A30A-340B7BAA86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6D479700-9A02-466B-A2CD-107F6EAF4AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E185B358-0805-4241-9960-23216974BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B672A9C-7549-4120-A966-D24090575506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E464653E-CFE4-4F9E-A021-DB16D9CE6046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C760A6C-ADA4-4D5D-8C63-54B1B93B1DEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input."
},
{
"lang": "es",
"value": "bpcd en Veritas NetBackup 7.x hasta la versi\u00f3n 7.5.0.7, 7.6.0.x hasta la versi\u00f3n 7.6.0.4, 7.6.1.x hasta la versi\u00f3n 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versi\u00f3n 2.5.4, 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de la entrada manipulada."
}
],
"id": "CVE-2015-6550",
"lastModified": "2024-11-21T02:35:12.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-07T14:59:00.163",
"references": [
{
"source": "secure@symantec.com",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-001.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda escribir arbitrariamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36987",
"lastModified": "2024-11-21T07:14:13.280",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-04 21:59
Modified
2024-11-21 02:57
Severity ?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance_firmware | 2.6.0.0 | |
| veritas | netbackup_appliance_firmware | 2.6.0.1 | |
| veritas | netbackup_appliance_firmware | 2.6.0.2 | |
| veritas | netbackup_appliance_firmware | 2.6.0.3 | |
| veritas | netbackup_appliance_firmware | 2.6.0.4 | |
| veritas | netbackup_appliance_firmware | 2.6.1.0 | |
| veritas | netbackup_appliance_firmware | 2.6.1.1 | |
| veritas | netbackup_appliance_firmware | 2.6.1.2 | |
| veritas | netbackup_appliance_firmware | 2.7.0.0 | |
| veritas | netbackup_appliance_firmware | 2.7.1.0 | |
| veritas | netbackup_appliance_firmware | 2.7.2.0 | |
| veritas | netbackup_appliance_firmware | 3.0.0.0 | |
| veritas | netbackup_appliance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9951CD9C-FDCD-473C-8845-BF8740FF17E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1E8778-5FAD-4A5D-B971-41BCEAB48111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E992D4D8-0988-481D-A4E4-D83CBDAF255B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF131673-40A6-467D-ADCD-A0459506F7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AAD875-623A-4750-AB97-25614C96C11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3921C874-5ACE-4E88-85D8-26EC92A18A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B5269B-F024-4B41-ACD7-C3E26CA788DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA7E592-8559-4FFA-8C2A-C40645440972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4B34F4-C7D9-44DA-888B-9B639B98FD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC47BBE6-CC4F-4397-AFCB-8C0A85DD94BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E293FC-C35D-45BA-8362-39A6094A9421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "900F4AA3-5B6E-4F36-8EF4-ED99DA595092",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27385F9-2E4C-4046-BAC3-45DEFE1926ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
},
{
"lang": "es",
"value": "scripts/license.pl en Veritas NetBackup Appliance 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2, 2.7.x hasta la versi\u00f3n 2.7.3 y 3.0.x permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro hostName a appliancews/getLicense."
}
],
"id": "CVE-2016-7399",
"lastModified": "2024-11-21T02:57:55.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-04T21:59:00.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98381 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the \u0027bprd\u0027 process."
},
{
"lang": "es",
"value": "En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y anteriores, existe una escritura con privilegios remota de archivos no autenticada utilizando el proceso \u0027bprd\u0027."
}
],
"id": "CVE-2017-8858",
"lastModified": "2024-11-21T03:34:51.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.787",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98381"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36993",
"lastModified": "2024-11-21T07:14:14.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.007",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36989",
"lastModified": "2024-11-21T07:14:13.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h5 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36991",
"lastModified": "2024-11-21T07:14:13.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir la denegaci\u00f3n de servicio que afecte al servidor NetBackup."
}
],
"id": "CVE-2017-6402",
"lastModified": "2024-11-21T03:29:41.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.620",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-09 21:29
Modified
2024-11-21 03:34
Severity ?
Summary
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/98383 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98383 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance | * | |
| veritas | netbackup_appliance | 2.7.3 | |
| veritas | netbackup_appliance | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3168C4-243B-459F-AA39-CEA541794568",
"versionEndIncluding": "2.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF0E6D10-050E-4626-8E3B-AB15E8FA11FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5A6E8A-0836-442A-B90E-98DF559E34FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root."
},
{
"lang": "es",
"value": "En Veritas NetBackup Appliance 3.0 y anteriores, los usuarios no autenticados pueden ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2017-8859",
"lastModified": "2024-11-21T03:34:51.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-09T21:29:00.817",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98383"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-005.html#Issue1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#c2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario"
}
],
"id": "CVE-2022-36990",
"lastModified": "2024-11-21T07:14:13.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:17.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m6 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A22BA0AF-70FB-4948-B047-E62EA64EFFC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podr\u00eda recopilar de forma remota informaci\u00f3n sobre cualquier host conocido por un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36996",
"lastModified": "2024-11-21T07:14:14.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m1 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-37000",
"lastModified": "2024-11-21T07:14:15.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.370",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#h9 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2022-36997",
"lastModified": "2024-11-21T07:14:14.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.veritas.com/content/support/en_US/security/VTS22-004#m2 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
"matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
"matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
"matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
}
],
"id": "CVE-2022-36999",
"lastModified": "2024-11-21T07:14:15.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T01:15:18.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2024-11-21 03:29
Severity ?
Summary
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup | * | |
| veritas | netbackup_appliance | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22ACFAB5-377D-43E5-9991-5587B7829263",
"versionEndIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. Puede ocurrir ejecuci\u00f3n local arbitraria de comandos cuando se utiliza bpcd y bpnbat."
}
],
"id": "CVE-2017-6401",
"lastModified": "2024-11-21T03:29:41.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-02T06:59:00.590",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}