CVE-2022-36950
https://notcve.org/view.php?id=CVE-2022-36950
27 Jul 2022 — In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue3
CVE-2022-36951
https://notcve.org/view.php?id=CVE-2022-36951
27 Jul 2022 — In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue2
CVE-2022-36952
https://notcve.org/view.php?id=CVE-2022-36952
27 Jul 2022 — In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue6 • CWE-798: Use of Hard-coded Credentials
CVE-2022-36953
https://notcve.org/view.php?id=CVE-2022-36953
27 Jul 2022 — In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue8
CVE-2022-36954
https://notcve.org/view.php?id=CVE-2022-36954
27 Jul 2022 — In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. • https://www.veritas.com/content/support/en_US/security/VTS22-009#Issue1
CVE-2022-36955
https://notcve.org/view.php?id=CVE-2022-36955
27 Jul 2022 — In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2
CVE-2022-36956
https://notcve.org/view.php?id=CVE-2022-36956
27 Jul 2022 — In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1
CVE-2021-41570
https://notcve.org/view.php?id=CVE-2021-41570
19 Apr 2022 — Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. • https://www.veritas.com/content/support/en_US/security/VTS22-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2005-2611 – Veritas Backup Exec (Windows) - Remote File Access
https://notcve.org/view.php?id=CVE-2005-2611
17 Aug 2005 — VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server. • https://packetstorm.news/files/id/180901