CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42306
https://notcve.org/view.php?id=CVE-2022-42306
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y en los productos de Veritas relacionados. Un atacante con acceso local puede enviar un paquete diseñado a pbx_exchange durante el registro y causar una excepción de puntero NULL, ... • https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42307
https://notcve.org/view.php?id=CVE-2022-42307
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) por medio del servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42308
https://notcve.org/view.php?id=CVE-2022-42308
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y productos relacionados de Veritas. Un atacante con acceso local puede eliminar archivos arbitrarios al aprovechar un salto de ruta en el código de registro pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36163
https://notcve.org/view.php?id=CVE-2020-36163
06 Jan 2021 — An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker adminis... • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36169
https://notcve.org/view.php?id=CVE-2020-36169
06 Jan 2021 — An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacke... • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1 •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2017-8856
https://notcve.org/view.php?id=CVE-2017-8856
09 May 2017 — In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores, hay una ejecución de comandos remotos arbitrarios no autenticados utilizando el proceso 'bprd'. • http://www.securityfocus.com/bid/98379 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 0CVE-2017-8857
https://notcve.org/view.php?id=CVE-2017-8857
09 May 2017 — In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. Veritas NetBackup 8.0 y anteriores y NetBackup Appliance 3.0 y anteriores están afectadas por una copia de archivos sin autenticación y ejecución de comandos de forma arbitraria a través del proceso 'bprd'. • http://www.securityfocus.com/bid/98384 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2017-8858
https://notcve.org/view.php?id=CVE-2017-8858
09 May 2017 — In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. En Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y anteriores, existe una escritura con privilegios remota de archivos no autenticada utilizando el proceso 'bprd'. • http://www.securityfocus.com/bid/98381 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6402
https://notcve.org/view.php?id=CVE-2017-6402
02 Mar 2017 — An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir la denegación de servicio que afecte al servidor NetBackup. • http://www.securityfocus.com/bid/96485 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6401
https://notcve.org/view.php?id=CVE-2017-6401
02 Mar 2017 — An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. Puede ocurrir ejecución local arbitraria de comandos cuando se utiliza bpcd y bpnbat. • http://www.securityfocus.com/bid/96493 • CWE-269: Improper Privilege Management •