CVE-2023-37237
https://notcve.org/view.php?id=CVE-2023-37237
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. • https://www.veritas.com/content/support/en_US/security/VTS23-004 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-26788
https://notcve.org/view.php?id=CVE-2023-26788
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. The HTTP Host header can be manipulated, causing the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different domain/IP address. • https://github.com/IthacaLabs/Veritas-Technologies https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-46412
https://notcve.org/view.php?id=CVE-2022-46412
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue4 •
CVE-2022-46411
https://notcve.org/view.php?id=CVE-2022-46411
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue3 • CWE-287: Improper Authentication •
CVE-2022-46410
https://notcve.org/view.php?id=CVE-2022-46410
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue5 •