CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6399
https://notcve.org/view.php?id=CVE-2017-6399
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado). • http://www.securityfocus.com/bid/96490 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6403
https://notcve.org/view.php?id=CVE-2017-6403
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contraseña codificados. • http://www.securityfocus.com/bid/96500 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6409
https://notcve.org/view.php?id=CVE-2017-6409
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado. • http://www.securityfocus.com/bid/96504 http://www.securitytracker.com/id/1037950 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6405
https://notcve.org/view.php?id=CVE-2017-6405
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host está abierta a la suplantación de DNS. • http://www.securityfocus.com/bid/96488 https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 0%CPEs: 37EXPL: 0CVE-2015-6552
https://notcve.org/view.php?id=CVE-2015-6552
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. La implementación del protocolo management-services en Veritas NetBackup 7.x hasta la versión 7.5.0.7, 7.6.0.x hasta la versión 7.6.0.4, 7.6.1.x hasta la versión 7.6.1.2 y 7.7.x en versiones anteriores a 7.7.2 y NetBackup Appliance hasta la versión 2.5.4, 2.6.0.x hasta la versión 2.6.0.4, 2.6.1.x hasta la versión 2.6.1.2 y 2.7.x en versiones anteriores a 2.7.2 permite a atacantes remotos hacer llamadas RPC arbitrarias a través de vectores no especificados. • http://www.securitytracker.com/id/1035704 https://www.veritas.com/content/support/en_US/security/VTS16-001.html • CWE-284: Improper Access Control •