Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Netbackup
(Veritas)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 63 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-28 | CVE-2022-36997 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. | Flex_appliance, Flex_scale, Netbackup, Netbackup_appliance | 8.8 | ||
| 2023-03-23 | CVE-2023-28759 | An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | Netbackup | 7.8 | ||
| 2023-03-23 | CVE-2023-28758 | An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | Netbackup | 7.1 | ||
| 2022-07-28 | CVE-2022-36996 | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server. | Flex_appliance, Flex_scale, Netbackup, Netbackup_appliance | 6.5 | ||
| 2022-11-17 | CVE-2022-45461 | The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | Netbackup | 8.8 | ||
| 2022-10-03 | CVE-2022-42302 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. | Netbackup | 9.8 | ||
| 2022-10-03 | CVE-2022-42299 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. | Netbackup | 7.5 | ||
| 2022-10-03 | CVE-2022-42300 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) | Netbackup | 6.5 | ||
| 2022-10-03 | CVE-2022-42301 | An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | Netbackup | 8.8 | ||
| 2022-10-03 | CVE-2022-42303 | An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. | Netbackup | 9.8 |