CVE-2022-42306
https://notcve.org/view.php?id=CVE-2022-42306
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y en los productos de Veritas relacionados. Un atacante con acceso local puede enviar un paquete diseñado a pbx_exchange durante el registro y causar una excepción de puntero NULL, bloqueando efectivamente el proceso pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#M1 • CWE-476: NULL Pointer Dereference •
CVE-2022-42307
https://notcve.org/view.php?id=CVE-2022-42307
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) por medio del servicio DiscoveryService • https://www.veritas.com/content/support/en_US/security/VTS22-012#M2 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-42308
https://notcve.org/view.php?id=CVE-2022-42308
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code. Se ha detectado un problema en Veritas NetBackup versiones hasta 8.2 y productos relacionados de Veritas. Un atacante con acceso local puede eliminar archivos arbitrarios al aprovechar un salto de ruta en el código de registro pbx_exchange • https://www.veritas.com/content/support/en_US/security/VTS22-010#C1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-36948
https://notcve.org/view.php?id=CVE-2022-36948
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, puede producirse un ataque de tipo DOM XSS. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-36949
https://notcve.org/view.php?id=CVE-2022-36949
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, un atacante con acceso local a un servidor de NetBackup OpsCenter podría escalar sus privilegios. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5 •