CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12875
https://notcve.org/view.php?id=CVE-2020-12875
14 May 2020 — Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. Veritas APTARE versiones anteriores a 10.4, no llevó a cabo las comprobaciones de autorización adecuadas. Un usuario autenticado podría obtener acceso no autorizado a información confidencial o a una funcionalidad mediante la manipulación de parámetros específicos dentro ... • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12877
https://notcve.org/view.php?id=CVE-2020-12877
14 May 2020 — Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. Veritas APTARE versiones anteriores a 10.4, permitían acceder a información confidencial sin autenticación. • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12876
https://notcve.org/view.php?id=CVE-2020-12876
14 May 2020 — Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. Veritas APTARE versiones anteriores a 10.4, permitían a usuarios remotos acceder a varios archivos no deseados en el servidor. Esta vulnerabilidad solo impacta las implementaciones del servidor de Windows. • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 6%CPEs: 11EXPL: 0CVE-2019-18780
https://notcve.org/view.php?id=CVE-2019-18780
05 Nov 2019 — An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, St... • https://www.veritas.com/content/support/en_US/security/VTS19-003 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 5%CPEs: 11EXPL: 0CVE-2019-14418 – Veritas Resiliency Platform (VRP) Traversal / Command Execution
https://notcve.org/view.php?id=CVE-2019-14418
29 Jul 2019 — An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine. Se detectó un problema en Veritas Resiliencia Platform (VRP) anterior a versión 3.4 HF1. Cuando se carga un paquete de aplicaciones, una vulnerabilidad de salto... • http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14417 – Veritas Resiliency Platform (VRP) Traversal / Command Execution
https://notcve.org/view.php?id=CVE-2019-14417
29 Jul 2019 — An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality. Se detectó un problema en Veritas Resiliencia Platform (VRP) anterior a versión 3.4 HF1. Una vulnerabilidad de ejecución de comando arbitraria permite a un usuario VRP malicioso ejecutar comandos con privilegios root dentro de la máquina virtual de VRP, relaci... • http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2019-14416 – Veritas Resiliency Platform (VRP) Traversal / Command Execution
https://notcve.org/view.php?id=CVE-2019-14416
29 Jul 2019 — An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality. Se detectó un problema en Veritas Resiliencia Platform (VRP) anterior a versión 3.4 HF1. Una vulnerabilidad de ejecución de comando arbitraria permite a un usuario VRP malicioso ejecutar comandos con privilegios root dentro de la... • http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14415 – Veritas Resiliency Platform (VRP) Traversal / Command Execution
https://notcve.org/view.php?id=CVE-2019-14415
29 Jul 2019 — An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to. Se detectó un problema en Veritas Resiliencia Platform (VRP) anterior a versión 3.4 HF1. Una vulnerabilidad de tipo cross-site scripting (XSS) persistente permite a un usuario de VRP ma... • http://packetstormsecurity.com/files/153842/Veritas-Resiliency-Platform-VRP-Traversal-Command-Execution.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9868
https://notcve.org/view.php?id=CVE-2019-9868
19 Mar 2019 — An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña SMTP se muestra a un administrador. • http://www.securityfocus.com/bid/107567 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9867
https://notcve.org/view.php?id=CVE-2019-9867
19 Mar 2019 — An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña del servidor proxy se muestra a un administrador. • http://www.securityfocus.com/bid/107567 • CWE-522: Insufficiently Protected Credentials •