CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42304
https://notcve.org/view.php?id=CVE-2022-42304
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0 y los productos Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de inyección SQL que afecta al código de los gestores idm, nbars y SLP • https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42305
https://notcve.org/view.php?id=CVE-2022-42305
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor primario de NetBackup es vulnerable a un ataque de Salto de Ruta mediante el servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42306
https://notcve.org/view.php?id=CVE-2022-42306
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y en los productos de Veritas relacionados. Un atacante con acceso local puede enviar un paquete diseñado a pbx_exchange durante el registro y causar una excepción de puntero NULL, ... • https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42307
https://notcve.org/view.php?id=CVE-2022-42307
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) por medio del servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42308
https://notcve.org/view.php?id=CVE-2022-42308
03 Oct 2022 — An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y productos relacionados de Veritas. Un atacante con acceso local puede eliminar archivos arbitrarios al aprovechar un salto de ruta en el código de registro pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36984
https://notcve.org/view.php?id=CVE-2022-36984
28 Jul 2022 — An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacan... • https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36985
https://notcve.org/view.php?id=CVE-2022-36985
28 Jul 2022 — An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local ... • https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36986
https://notcve.org/view.php?id=CVE-2022-36986
28 Jul 2022 — An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podr... • https://www.veritas.com/content/support/en_US/security/VTS22-004#h3 •
CVSS: 8.5EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36987
https://notcve.org/view.php?id=CVE-2022-36987
28 Jul 2022 — An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado... • https://www.veritas.com/content/support/en_US/security/VTS22-004#h4 •
CVSS: 9.0EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36988
https://notcve.org/view.php?id=CVE-2022-36988
28 Jul 2022 — An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9... • https://www.veritas.com/content/support/en_US/security/VTS22-004#h6 •