CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6408
https://notcve.org/view.php?id=CVE-2017-6408
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Puede ocurrir una condición de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos. • http://www.securityfocus.com/bid/96491 http://www.securitytracker.com/id/1037950 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6403
https://notcve.org/view.php?id=CVE-2017-6403
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contraseña codificados. • http://www.securityfocus.com/bid/96500 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6409
https://notcve.org/view.php?id=CVE-2017-6409
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado. • http://www.securityfocus.com/bid/96504 http://www.securitytracker.com/id/1037950 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6405
https://notcve.org/view.php?id=CVE-2017-6405
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host está abierta a la suplantación de DNS. • http://www.securityfocus.com/bid/96488 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 • CWE-290: Authentication Bypass by Spoofing •