CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-37237
https://notcve.org/view.php?id=CVE-2023-37237
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. • https://www.veritas.com/content/support/en_US/security/VTS23-004 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26788
https://notcve.org/view.php?id=CVE-2023-26788
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. • https://github.com/IthacaLabs/Veritas-Technologies https://github.com/IthacaLabs/Veritas-Technologies/blob/main/Veritas%20Appliance%20v4.1.0.1/HHI/HHI_CVE-2023-26788.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36984
https://notcve.org/view.php?id=CVE-2022-36984
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un ataque de denegación de servicio contra un servidor primario de NetBackup • https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36985
https://notcve.org/view.php?id=CVE-2022-36985
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podría escalar potencialmente sus privilegios • https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 •
CVSS: 9.8EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36986
https://notcve.org/view.php?id=CVE-2022-36986
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podría ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup • https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 •