MidnightBSD

Advisories for veritas

CVE-2003-1361 HIGH

Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas bare_metal_restore *
CVE-2004-1389 MEDIUM

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
veritas netbackup 3.4.0
veritas netbackup 5.0
veritas netbackup 4.5.0
veritas netbackup 3.4.1
veritas netbackup 5.1
CVE-2005-0772 MEDIUM

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2006-0989 HIGH

Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
veritas netbackup 5.0
veritas netbackup 4.5.0
veritas netbackup 5.1
veritas netbackup 6.0
CVE-2006-0990 HIGH

Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
veritas netbackup 5.0
veritas netbackup 4.5.0
veritas netbackup 5.1
veritas netbackup 6.0
CVE-2006-0991 HIGH

Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
veritas netbackup 5.0
veritas netbackup 4.5.0
veritas netbackup 5.1
veritas netbackup 6.0
CVE-2015-6550 HIGH

bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
veritas netbackup_appliance 1.1.0.1
veritas netbackup 7.6.0.2
veritas netbackup 7.7.1
veritas netbackup_appliance 2.6.0.4
veritas netbackup 7.6.1.2
veritas netbackup_appliance 2.5.2
veritas netbackup_appliance 2.0.1
veritas netbackup_appliance 1.1.0.2
veritas netbackup_appliance 2.5.1
veritas netbackup 7.0.1
veritas netbackup_appliance 2.6
veritas netbackup_appliance 2.6.1.1
veritas netbackup_appliance 2.0
veritas netbackup 7.5.0.1
veritas netbackup 7.1.0.4
veritas netbackup 7.6.0.3
veritas netbackup_appliance 2.0.3
veritas netbackup 7.5.0.7
veritas netbackup_appliance 2.6.1.2
veritas netbackup_appliance 2.7.1
veritas netbackup 7.1.0.1
veritas netbackup 7.0
veritas netbackup_appliance 2.6.0.3
veritas netbackup 7.1.0.2
veritas netbackup 7.5.0.5
veritas netbackup_appliance 1.2
veritas netbackup_appliance 2.5
veritas netbackup_appliance 2.6.0.2
veritas netbackup 7.5.0.4
veritas netbackup 7.6.1.1
veritas netbackup_appliance 2.0.2
veritas netbackup 7.5.0.6
veritas netbackup_appliance 2.5.3
veritas netbackup 7.5.0.3
veritas netbackup 7.6.0.4
veritas netbackup 7.1.0.3
veritas netbackup_appliance 2.6.1
CVE-2015-6551 MEDIUM

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
veritas netbackup_appliance 1.1.0.1
veritas netbackup 7.6.0.2
veritas netbackup 7.7.1
veritas netbackup_appliance 2.6.0.4
veritas netbackup 7.6.1.2
veritas netbackup_appliance 2.5.2
veritas netbackup_appliance 2.0.1
veritas netbackup_appliance 1.1.0.2
veritas netbackup_appliance 2.5.1
veritas netbackup 7.0.1
veritas netbackup_appliance 2.6
veritas netbackup_appliance 2.6.1.1
veritas netbackup_appliance 2.0
veritas netbackup 7.5.0.1
veritas netbackup 7.1.0.4
veritas netbackup 7.6.0.3
veritas netbackup_appliance 2.0.3
veritas netbackup 7.5.0.7
veritas netbackup_appliance 2.6.1.2
veritas netbackup_appliance 2.7.1
veritas netbackup 7.1.0.1
veritas netbackup 7.0
veritas netbackup_appliance 2.6.0.3
veritas netbackup 7.1.0.2
veritas netbackup 7.5.0.5
veritas netbackup_appliance 1.2
veritas netbackup_appliance 2.5
veritas netbackup_appliance 2.6.0.2
veritas netbackup 7.5.0.4
veritas netbackup 7.6.1.1
veritas netbackup_appliance 2.0.2
veritas netbackup 7.5.0.6
veritas netbackup_appliance 2.5.3
veritas netbackup 7.5.0.3
veritas netbackup 7.6.0.4
veritas netbackup 7.1.0.3
veritas netbackup_appliance 2.6.1
CVE-2015-6552 HIGH

The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
veritas netbackup_appliance 1.1.0.1
veritas netbackup 7.6.0.2
veritas netbackup 7.7.1
veritas netbackup_appliance 2.6.0.4
veritas netbackup 7.6.1.2
veritas netbackup_appliance 2.5.2
veritas netbackup_appliance 2.0.1
veritas netbackup_appliance 1.1.0.2
veritas netbackup_appliance 2.5.1
veritas netbackup 7.0.1
veritas netbackup_appliance 2.6
veritas netbackup_appliance 2.6.1.1
veritas netbackup_appliance 2.0
veritas netbackup 7.5.0.1
veritas netbackup 7.1.0.4
veritas netbackup 7.6.0.3
veritas netbackup_appliance 2.0.3
veritas netbackup 7.5.0.7
veritas netbackup_appliance 2.6.1.2
veritas netbackup_appliance 2.7.1
veritas netbackup 7.1.0.1
veritas netbackup 7.0
veritas netbackup_appliance 2.6.0.3
veritas netbackup 7.1.0.2
veritas netbackup 7.5.0.5
veritas netbackup_appliance 1.2
veritas netbackup_appliance 2.5
veritas netbackup_appliance 2.6.0.2
veritas netbackup 7.5.0.4
veritas netbackup 7.6.1.1
veritas netbackup_appliance 2.0.2
veritas netbackup 7.5.0.6
veritas netbackup_appliance 2.5.3
veritas netbackup 7.5.0.3
veritas netbackup 7.6.0.4
veritas netbackup 7.1.0.3
veritas netbackup_appliance 2.6.1
CVE-2016-7399 HIGH

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
veritas netbackup_appliance_firmware 2.6.0.3
veritas netbackup_appliance_firmware 2.6.0.2
veritas netbackup_appliance_firmware 2.6.1.0
veritas netbackup_appliance_firmware 2.6.0.1
veritas netbackup_appliance_firmware 2.6.1.2
veritas netbackup_appliance_firmware 2.6.1.1
veritas netbackup_appliance_firmware 2.6.0.0
veritas netbackup_appliance_firmware 2.7.1.0
veritas netbackup_appliance_firmware 2.7.2.0
veritas netbackup_appliance_firmware 3.0.0.0
veritas netbackup_appliance_firmware 2.7.0.0
veritas netbackup_appliance_firmware 2.6.0.4
CVE-2017-6399 HIGH

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas access *
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6400 HIGH

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas access *
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6401 MEDIUM

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6402 MEDIUM

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6403 HIGH

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6404 LOW

An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6405 MEDIUM

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6406 HIGH

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas access *
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6407 HIGH

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6408 MEDIUM

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-6409 HIGH

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-7444 HIGH

In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas system_recovery 16
CVE-2017-8856 HIGH

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-8857 HIGH

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-8858 HIGH

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2017-8859 HIGH

In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas netbackup_appliance 2.7.3
veritas netbackup_appliance 3.0
veritas netbackup_appliance *
CVE-2017-8895 HIGH

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2018-18652 HIGH

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
CVE-2019-14415 LOW

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
veritas resiliency_platform *
veritas resiliency_platform 3.3.2
CVE-2019-14416 HIGH

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas resiliency_platform *
veritas resiliency_platform 3.3.2
CVE-2019-14417 HIGH

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas resiliency_platform *
veritas resiliency_platform 3.3.2
CVE-2019-14418 MEDIUM

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
veritas resiliency_platform 2.1
veritas resiliency_platform 3.0
veritas resiliency_platform 3.2
veritas resiliency_platform 2.0
veritas resiliency_platform 3.3
veritas resiliency_platform 2.2
veritas resiliency_platform 3.3.2
veritas resiliency_platform 1.2
veritas resiliency_platform 3.1
veritas resiliency_platform 3.3.1
CVE-2019-18780 HIGH

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
veritas access *
veritas flex_appliance *
veritas storage_foundation_ha *
veritas access_appliance *
veritas infoscale *
veritas cluster_server *
CVE-2019-9867 MEDIUM

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
CVE-2019-9868 MEDIUM

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
veritas netbackup_appliance *
CVE-2020-12874 HIGH

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-12875 MEDIUM

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-12876 MEDIUM

Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-12877 MEDIUM

Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-27156 HIGH

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-27157 MEDIUM

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,

Products Affected

Vendor Product Version
veritas aptare *
CVE-2020-36159 MEDIUM

Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas desktop_and_laptop_option *
CVE-2020-36160 HIGH

An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas system_recovery *
CVE-2020-36161 HIGH

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could exploit arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas aptare_it_analytics 10.5.00
veritas aptare_it_analytics 10.4.00
CVE-2020-36162 HIGH

An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. The CloudPoint Windows Agent leverages OpenSSL. This OpenSSL library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems users can create directories under <drive>:\. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, which may result in arbitrary code execution. This would give the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas cloudpoint 2.2
veritas cloudpoint 1.0
veritas cloudpoint 2.0.1
veritas cloudpoint 1.0.2
veritas cloudpoint 2.2.2
veritas cloudpoint 2.2.1
veritas cloudpoint 2.1.1
veritas cloudpoint 2.1.2
veritas netbackup_cloudpoint 8.3
veritas cloudpoint 2.0
veritas netbackup_cloudpoint 8.3.0.1
veritas cloudpoint 2.1
veritas cloudpoint 2.0.2
CVE-2020-36163 HIGH

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas opscenter *
veritas netbackup *
CVE-2020-36164 HIGH

An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2020-36165 HIGH

An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This impacts DLO server and client installations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas desktop_and_laptop_option *
CVE-2020-36166 HIGH

An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf, where <drive> could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a <drive>:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas storage_foundation *
veritas infoscale *
veritas storage_foundation_and_high_availability *
veritas infoscale_operations_manager *
CVE-2020-36167 HIGH

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to <drive>:\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-434,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2020-36168 HIGH

An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas resiliency_platform 3.4
veritas resiliency_platform 3.5
CVE-2020-36169 HIGH

An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 2.0 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas opscenter *
veritas netbackup *
CVE-2021-27876 HIGH

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2021-27877 HIGH

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2021-27878 HIGH

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2021-41570 LOW

Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
veritas netbackup 9.1
veritas netbackup *
CVE-2021-44677 MEDIUM

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2021-44678 MEDIUM

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2021-44679 MEDIUM

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2021-44680 MEDIUM

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2021-44681 MEDIUM

An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2021-44682 MEDIUM

An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2022-22965 HIGH

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,CWE-94,

Products Affected

Vendor Product Version
veritas netbackup_flex_scale_appliance 3.0
oracle communications_cloud_native_core_unified_data_repository 22.1.0
oracle retail_financial_integration 14.1.3.2
oracle retail_merchandising_system 19.0.1
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
veritas netbackup_virtual_appliance 4.0
veritas flex_appliance 1.3
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle retail_financial_integration 19.0.1
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle communications_policy_management 12.6.0.0.0
veritas flex_appliance 2.1
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle retail_bulk_data_integration 16.0.3
oracle retail_integration_bus 14.1.3.2
veritas netbackup_virtual_appliance 4.1.0.1
oracle retail_financial_integration 15.0.3.1
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
veritas netbackup_flex_scale_appliance 2.1
oracle financial_services_enterprise_case_management 8.1.1.0
siemens operation_scheduler *
oracle commerce_platform 11.3.2
siemens sinec_network_management_system *
oracle retail_integration_bus 16.0.3
veritas netbackup_virtual_appliance 4.0.0.1
siemens simatic_speech_assistant_for_machines *
cisco cx_cloud_agent *
siemens sipass_integrated 2.85
siemens siveillance_identity 1.6
veritas access_appliance 7.4.3.200
veritas netbackup_appliance 4.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
vmware spring_framework *
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle financial_services_enterprise_case_management 8.1.2.0
oracle sd-wan_edge 9.1
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_console 22.1.0
oracle communications_unified_inventory_management 7.4.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_policy 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 1.15.0
oracle communications_cloud_native_core_console 1.9.0
oracle financial_services_enterprise_case_management 8.1.1.1
veritas netbackup_appliance 4.1.0.1
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_unified_inventory_management 7.4.2
veritas flex_appliance 2.0.1
oracle mysql_enterprise_monitor *
oracle retail_xstore_point_of_service 20.0.1
oracle weblogic_server 14.1.1.0.0
veritas access_appliance 7.4.3
veritas access_appliance 7.4.3.100
veritas flex_appliance 2.0
veritas netbackup_virtual_appliance 4.1
oracle product_lifecycle_analytics 3.6.1
oracle retail_financial_integration 16.0.3
veritas netbackup_appliance 4.1
oracle retail_xstore_point_of_service 21.0.0
oracle communications_unified_inventory_management 7.5.0
oracle weblogic_server 12.2.1.4.0
siemens siveillance_identity 1.5
oracle financial_services_analytical_applications_infrastructure 8.1.1
oracle communications_cloud_native_core_network_repository_function 1.15.0
veritas netbackup_appliance 4.0.0.1
oracle retail_integration_bus 15.0.3.1
oracle communications_cloud_native_core_binding_support_function 22.1.3
veritas flex_appliance 2.0.2
oracle communications_cloud_native_core_policy 1.15.0
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle retail_integration_bus 19.0.1
siemens sipass_integrated 2.80
oracle weblogic_server 12.2.1.3.0
oracle retail_merchandising_system 16.0.3
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle sd-wan_edge 9.0
oracle financial_services_behavior_detection_platform 8.1.1.0
CVE-2022-26483 LOW

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
veritas infoscale_operations_manager 8.0.0
veritas infoscale_operations_manager *
CVE-2022-26484 MEDIUM

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
cve@mitre.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
veritas infoscale_operations_manager 8.0.0
veritas infoscale_operations_manager *
CVE-2022-26778 MEDIUM

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-312,

Products Affected

Vendor Product Version
veritas system_recovery 18.0
veritas system_recovery 21
CVE-2022-36948

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36949

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 9.3 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 2.5 6.0

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36951

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36953

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36954

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve@mitre.org 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup *
CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
veritas netbackup 8.2
veritas netbackup *
CVE-2022-36956

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9
cve@mitre.org 9.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
veritas netbackup 9.0
veritas netbackup 9.1.0.0
CVE-2022-36984

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 7.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 3.1 4.0

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36985

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36986

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36987

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve@mitre.org 8.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H 1.8 6.0

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36988

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36989

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve@mitre.org 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H 3.1 5.8

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36991

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6
cve@mitre.org 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36992

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36993

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36994

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 1.8 4.0

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36995

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36996

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup 10.0
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36997

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L 2.8 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36998

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H 1.8 4.0
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-36999

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-37000

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.1.1
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas netbackup_appliance 4.1.0.1
veritas flex_scale 2.1
veritas flex_appliance 2.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup 8.3
veritas flex_appliance 2.1
veritas netbackup 8.1.2
veritas netbackup 9.1.0.1
veritas flex_appliance 2.0
veritas netbackup 9.1
veritas netbackup_appliance 4.1
veritas netbackup 8.1.1
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 3.1.2
veritas netbackup 8.2
veritas netbackup 8.3.0.1
veritas flex_appliance 2.0.2
veritas flex_scale 1.3.1
veritas netbackup_appliance 4.0
veritas netbackup_appliance 3.2
veritas netbackup 8.3.0.2
CVE-2022-41319

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).

Products Affected

Vendor Product Version
veritas desktop_and_laptop_option *
CVE-2022-41320

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
veritas system_recovery *
CVE-2022-42299

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42300

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42301

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 2.8 2.5
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42302

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.0 CRITICAL CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 2.2 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42303

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42304

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.0 HIGH CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 1.3 6.0
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42305

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 2.0 4.0
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42307

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-42308

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
cve@mitre.org 9.0 CRITICAL CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H 2.5 5.8

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2022-46410

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.

Products Affected

Vendor Product Version
veritas netbackup_flex_scale_appliance *
CVE-2022-46411

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.

Products Affected

Vendor Product Version
veritas access_appliance *
veritas netbackup_flex_scale_appliance *
CVE-2022-46412

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.

Products Affected

Vendor Product Version
veritas netbackup_flex_scale_appliance *
CVE-2022-46413

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.

Products Affected

Vendor Product Version
veritas access_appliance *
veritas netbackup_flex_scale_appliance *
CVE-2022-46414

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

Products Affected

Vendor Product Version
veritas access_appliance *
veritas netbackup_flex_scale_appliance *
CVE-2023-26788

Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
veritas netbackup_appliance_firmware 4.1.0.1
CVE-2023-26789

Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
veritas netbackup_opscenter 9.1.0.1
CVE-2023-28758

An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
cve@mitre.org 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
veritas aptare_it_analytics *
veritas netbackup_it_analytics 11.0.00
veritas netbackup_it_analytics 11.1.00
CVE-2023-32568

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
veritas infoscale_operations_manager *
CVE-2023-32569

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
veritas infoscale_operations_manager *
CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance *
CVE-2023-38404

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
veritas infoscale_operations_manager *
CVE-2023-40256

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup_snapshot_manager 9.1.0.1
veritas netbackup_snapshot_manager *
veritas netbackup_snapshot_manager 10.0
veritas netbackup_snapshot_manager 10.1
veritas netbackup_snapshot_manager 10.1.1
veritas netbackup_snapshot_manager 10.2
veritas netbackup_snapshot_manager 10.0.0.1
veritas netbackup_snapshot_manager 9.0
veritas netbackup_snapshot_manager 9.1
CVE-2024-27283

A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
veritas ediscovery_platform *
CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas netbackup_appliance *
veritas netbackup *
CVE-2024-33671

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2024-33672

An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.7 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.5 5.2

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2024-33673

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
veritas backup_exec *
CVE-2024-47854

An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
veritas data_insight *
CVE-2024-52942

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-52943

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-52944

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-52945

An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
veritas netbackup *
CVE-2024-53909

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53910

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53911

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53912

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53913

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53914

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *
CVE-2024-53915

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
veritas enterprise_vault *