CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42306
https://notcve.org/view.php?id=CVE-2022-42306
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y en los productos de Veritas relacionados. Un atacante con acceso local puede enviar un paquete diseñado a pbx_exchange durante el registro y causar una excepción de puntero NULL, bloqueando efectivamente el proceso pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42307
https://notcve.org/view.php?id=CVE-2022-42307
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) por medio del servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42308
https://notcve.org/view.php?id=CVE-2022-42308
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y productos relacionados de Veritas. Un atacante con acceso local puede eliminar archivos arbitrarios al aprovechar un salto de ruta en el código de registro pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36984
https://notcve.org/view.php?id=CVE-2022-36984
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podría desencadenar de forma remota un ataque de denegación de servicio contra un servidor primario de NetBackup • https://www.veritas.com/content/support/en_US/security/VTS22-004#h8 •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2022-36985
https://notcve.org/view.php?id=CVE-2022-36985
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podría escalar potencialmente sus privilegios • https://www.veritas.com/content/support/en_US/security/VTS22-004#h7 •