Search criteria
6 vulnerabilities found for netbackup_appliance_firmware by veritas
FKIE_CVE-2023-26788
Vulnerability from fkie_nvd - Published: 2023-04-10 13:15 - Updated: 2025-02-11 17:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance_firmware | 4.1.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:4.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1616D977-27C1-4AC7-B9DD-CA88EEDC3620",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address."
}
],
"id": "CVE-2023-26788",
"lastModified": "2025-02-11T17:15:19.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-10T13:15:06.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2016-7399
Vulnerability from fkie_nvd - Published: 2017-01-04 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| veritas | netbackup_appliance_firmware | 2.6.0.0 | |
| veritas | netbackup_appliance_firmware | 2.6.0.1 | |
| veritas | netbackup_appliance_firmware | 2.6.0.2 | |
| veritas | netbackup_appliance_firmware | 2.6.0.3 | |
| veritas | netbackup_appliance_firmware | 2.6.0.4 | |
| veritas | netbackup_appliance_firmware | 2.6.1.0 | |
| veritas | netbackup_appliance_firmware | 2.6.1.1 | |
| veritas | netbackup_appliance_firmware | 2.6.1.2 | |
| veritas | netbackup_appliance_firmware | 2.7.0.0 | |
| veritas | netbackup_appliance_firmware | 2.7.1.0 | |
| veritas | netbackup_appliance_firmware | 2.7.2.0 | |
| veritas | netbackup_appliance_firmware | 3.0.0.0 | |
| veritas | netbackup_appliance | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9951CD9C-FDCD-473C-8845-BF8740FF17E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F1E8778-5FAD-4A5D-B971-41BCEAB48111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E992D4D8-0988-481D-A4E4-D83CBDAF255B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EF131673-40A6-467D-ADCD-A0459506F7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AAD875-623A-4750-AB97-25614C96C11C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3921C874-5ACE-4E88-85D8-26EC92A18A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B5269B-F024-4B41-ACD7-C3E26CA788DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA7E592-8559-4FFA-8C2A-C40645440972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4B34F4-C7D9-44DA-888B-9B639B98FD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC47BBE6-CC4F-4397-AFCB-8C0A85DD94BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E293FC-C35D-45BA-8362-39A6094A9421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:veritas:netbackup_appliance_firmware:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "900F4AA3-5B6E-4F36-8EF4-ED99DA595092",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:veritas:netbackup_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27385F9-2E4C-4046-BAC3-45DEFE1926ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
},
{
"lang": "es",
"value": "scripts/license.pl en Veritas NetBackup Appliance 2.6.0.x hasta la versi\u00f3n 2.6.0.4, 2.6.1.x hasta la versi\u00f3n 2.6.1.2, 2.7.x hasta la versi\u00f3n 2.7.3 y 3.0.x permiten a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro hostName a appliancews/getLicense."
}
],
"id": "CVE-2016-7399",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-04T21:59:00.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-26788 (GCVE-0-2023-26788)
Vulnerability from cvelistv5 – Published: 2023-04-10 00:00 – Updated: 2025-02-11 16:44
VLAI?
Summary
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:42:31.139714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:44:10.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26788",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-11T16:44:10.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7399 (GCVE-0-2016-7399)
Vulnerability from cvelistv5 – Published: 2017-01-04 21:00 – Updated: 2024-08-06 01:57
VLAI?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution",
"refsource": "MISC",
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94384"
},
{
"name": "https://www.veritas.com/support/en_US/article.000116055",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7399",
"datePublished": "2017-01-04T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26788 (GCVE-0-2023-26788)
Vulnerability from nvd – Published: 2023-04-10 00:00 – Updated: 2025-02-11 16:44
VLAI?
Summary
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26788",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T16:42:31.139714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T16:44:10.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-10T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/IthacaLabs/Veritas-Technologies"
},
{
"url": "https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26788",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2023-02-27T00:00:00.000Z",
"dateUpdated": "2025-02-11T16:44:10.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7399 (GCVE-0-2016-7399)
Vulnerability from nvd – Published: 2017-01-04 21:00 – Updated: 2024-08-06 01:57
VLAI?
Summary
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:57:47.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94384"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-7399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution",
"refsource": "MISC",
"url": "http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution"
},
{
"name": "94384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94384"
},
{
"name": "https://www.veritas.com/support/en_US/article.000116055",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/support/en_US/article.000116055"
},
{
"name": "1037555",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037555"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS16-002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-7399",
"datePublished": "2017-01-04T21:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T01:57:47.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}