CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36948
https://notcve.org/view.php?id=CVE-2022-36948
27 Jul 2022 — In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, puede producirse un ataque de tipo DOM XSS. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36949
https://notcve.org/view.php?id=CVE-2022-36949
27 Jul 2022 — In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, un atacante con acceso local a un servidor de NetBackup OpsCenter podría escalar sus privilegios. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue5 •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2022-36950
https://notcve.org/view.php?id=CVE-2022-36950
27 Jul 2022 — In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, un atacante remoto no autenticado puede llevar a cabo la ejecución de comandos remota mediante la manipulación del cargador de clases de Java. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3 •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2022-36951
https://notcve.org/view.php?id=CVE-2022-36951
27 Jul 2022 — In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, un atacante remoto no autenticado puede comprometer el host al explotar una vulnerabilidad incorrectamente parcheada. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36952
https://notcve.org/view.php?id=CVE-2022-36952
27 Jul 2022 — In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, se presenta una credencial embebida que podría usarse para explotar el subsistema VxSS subyacente. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36953
https://notcve.org/view.php?id=CVE-2022-36953
27 Jul 2022 — In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, ciertos puntos finales podrían permitir a un atacante remoto no autenticado obtener información confidencial. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8 •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-36954
https://notcve.org/view.php?id=CVE-2022-36954
27 Jul 2022 — In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. En Veritas NetBackup OpsCenter, bajo condiciones específicas, un atacante remoto autenticado puede ser capaz de crear o modificar cuentas de usuario de OpsCenter. Esto afecta a versiones 8.x hasta 8.3.0.2, 9.x hasta 9.0.0.1, 9.1.x hasta 9.1.0.1 y 10 • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1 •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36955
https://notcve.org/view.php?id=CVE-2022-36955
27 Jul 2022 — In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. En Veritas NetBackup, un atacante con acceso local no privilegiado a un Cliente NetBackup puede enviar comandos específicos para escalar sus privilegios. Esto afecta a versiones 8.0 hasta 8.1.2, 8.2, 8.3 hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2 •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36163
https://notcve.org/view.php?id=CVE-2020-36163
06 Jan 2021 — An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker adminis... • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2 •