CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46411
https://notcve.org/view.php?id=CVE-2022-46411
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. Una contraseña predeterminada persiste después de la instalación y puede descubrirse y usarse para escalar privilegios. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue3 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46414
https://notcve.org/view.php?id=CVE-2022-46414
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos no autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46413
https://notcve.org/view.php?id=CVE-2022-46413
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue2 •
CVSS: 9.8EPSS: 97%CPEs: 97EXPL: 81CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2019-18780
https://notcve.org/view.php?id=CVE-2019-18780
05 Nov 2019 — An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, St... • https://www.veritas.com/content/support/en_US/security/VTS19-003 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •