CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-46413
https://notcve.org/view.php?id=CVE-2022-46413
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue2 •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-46414
https://notcve.org/view.php?id=CVE-2022-46414
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos no autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-45461
https://notcve.org/view.php?id=CVE-2022-45461
17 Nov 2022 — The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. La Consola de administración de Java en Veritas NetBackup hasta 10.1 y productos Veritas relacionados en Linux y UNIX permite a usuarios no root autenticados (que se han agregado explícitamente al archivo auth.conf) ejecutar comandos arbitrarios como root. • https://www.veritas.com/content/support/en_US/security/VTS22-015 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42299
https://notcve.org/view.php?id=CVE-2022-42299
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de denegación de servicio mediante el servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M3 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42300
https://notcve.org/view.php?id=CVE-2022-42300
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El proceso nbars del servidor primario de NetBackup puede bloquearse resultando en una denegación de servicio. • https://www.veritas.com/content/support/en_US/security/VTS22-013#M2 •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42301
https://notcve.org/view.php?id=CVE-2022-42301
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) mediante el proceso nbars • https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42302
https://notcve.org/view.php?id=CVE-2022-42302
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y productos relacionados de Veritas. El servidor primario de NetBackup es vulnerable a un ataque de inyección SQL afectando al servicio NBFSMCLIENT • https://www.veritas.com/content/support/en_US/security/VTS22-011#C1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42303
https://notcve.org/view.php?id=CVE-2022-42303
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de inyección SQL de segundo orden afectando al servicio NBFSMCLIENT aprovechando CVE-2022-42302 • https://www.veritas.com/content/support/en_US/security/VTS22-011#H1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42304
https://notcve.org/view.php?id=CVE-2022-42304
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y los productos Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de inyección SQL que afecta al código de los gestores idm, nbars y SLP • https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42305
https://notcve.org/view.php?id=CVE-2022-42305
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de Salto de Ruta mediante el servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •