Vulnerabilities related to veritas - netbackup_appliance_firmware
cve-2016-7399
Vulnerability from cvelistv5
Published
2017-01-04 21:00
Modified
2024-08-06 01:57
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allows remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
URL | Tags | |
---|---|---|
http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution | x_refsource_MISC | |
http://www.securityfocus.com/bid/94384 | vdb-entry, x_refsource_BID | |
https://www.veritas.com/support/en_US/article.000116055 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037555 | vdb-entry, x_refsource_SECTRACK | |
https://www.veritas.com/content/support/en_US/security/VTS16-002.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:57:47.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" }, { "name": "94384", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94384" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.veritas.com/support/en_US/article.000116055" }, { "name": "1037555", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037555" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-26T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" }, { "name": "94384", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94384" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.veritas.com/support/en_US/article.000116055" }, { "name": "1037555", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037555" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution", "refsource": "MISC", "url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" }, { "name": "94384", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94384" }, { "name": "https://www.veritas.com/support/en_US/article.000116055", "refsource": "CONFIRM", "url": "https://www.veritas.com/support/en_US/article.000116055" }, { "name": "1037555", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037555" }, { "name": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html", "refsource": "CONFIRM", "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7399", "datePublished": "2017-01-04T21:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T01:57:47.527Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26788
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2024-08-02 11:53
Summary
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. The HTTP Host header can be manipulated, causing the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:54.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies" }, { "tags": [ "x_transferred" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-10T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/IthacaLabs/Veritas-Technologies" }, { "url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-26788", "datePublished": "2023-04-10T00:00:00", "dateReserved": "2023-02-27T00:00:00", "dateUpdated": "2024-08-02T11:53:54.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2023-26788)
Published
2023-04-10 13:15
Modified
2024-11-21 07:51
Severity: 6.1 MEDIUM (CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Summary
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. The HTTP Host header can be manipulated, causing the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
veritas | netbackup_appliance_firmware | 4.1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:4.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1616D977-27C1-4AC7-B9DD-CA88EEDC3620", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address." } ], "id": "CVE-2023-26788", "lastModified": "2024-11-21T07:51:56.983", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-10T13:15:06.960", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-7399)
Published
2017-01-04 21:59
Modified
2024-11-21 02:57
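Severity: 9.8 CRITICAL (CVSS 3.0: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 10.0 HIGH (CVSS 2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C)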
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allows remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
veritas | netbackup_appliance_firmware | 2.6.0.0 | |
veritas | netbackup_appliance_firmware | 2.6.0.1 | |
veritas | netbackup_appliance_firmware | 2.6.0.2 | |
veritas | netbackup_appliance_firmware | 2.6.0.3 | |
veritas | netbackup_appliance_firmware | 2.6.0.4 | |
veritas | netbackup_appliance_firmware | 2.6.1.0 | |
veritas | netbackup_appliance_firmware | 2.6.1.1 | |
veritas | netbackup_appliance_firmware | 2.6.1.2 | |
veritas | netbackup_appliance_firmware | 2.7.0.0 | |
veritas | netbackup_appliance_firmware | 2.7.1.0 | |
veritas | netbackup_appliance_firmware | 2.7.2.0 | |
veritas | netbackup_appliance_firmware | 3.0.0.0 | |
veritas | netbackup_appliance | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9951CD9C-FDCD-473C-8845-BF8740FF17E1", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F1E8778-5FAD-4A5D-B971-41BCEAB48111", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E992D4D8-0988-481D-A4E4-D83CBDAF255B", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF131673-40A6-467D-ADCD-A0459506F7C6", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2AAD875-623A-4750-AB97-25614C96C11C", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3921C874-5ACE-4E88-85D8-26EC92A18A07", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6B5269B-F024-4B41-ACD7-C3E26CA788DE", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCA7E592-8559-4FFA-8C2A-C40645440972", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C4B34F4-C7D9-44DA-888B-9B639B98FD33", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC47BBE6-CC4F-4397-AFCB-8C0A85DD94BF", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3E293FC-C35D-45BA-8362-39A6094A9421", "vulnerable": true }, { "criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"900F4AA3-5B6E-4F36-8EF4-ED99DA595092", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:veritas:netbackup_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "D27385F9-2E4C-4046-BAC3-45DEFE1926ED", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense." }, { "lang": "es", "value": "scripts/license.pl en Veritas NetBackup Appliance 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2, 2.7.x hasta la versi\u00f3n 2.7.3 y 3.0.x permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro hostName a appliancews/getLicense." 
} ], "id": "CVE-2016-7399", "lastModified": "2024-11-21T02:57:55.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-01-04T21:59:00.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94384" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037555" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://www.veritas.com/support/en_US/article.000116055" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Vendor Advisory" ], "url": "https://www.veritas.com/support/en_US/article.000116055" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }