CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36956
https://notcve.org/view.php?id=CVE-2022-36956
27 Jul 2022 — In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. En Veritas NetBackup, el Cliente NetBackup permite una ejecución de comandos arbitrarios desde cualquier host remoto que tenga acceso a un certificado/clave privada de NetBackup con un ID de host válido del mismo dominio. Afecta a versiones 9.0.x hasta 9.0.0.1 ... • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41570
https://notcve.org/view.php?id=CVE-2021-41570
19 Apr 2022 — Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. Veritas NetBackup OpsCenter Analytics versión 9.1, permite un uso de tipo XSS por medio de los campos NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password durante una operación de Añadir Ajustes/Configuración • https://www.veritas.com/content/support/en_US/security/VTS22-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26778
https://notcve.org/view.php?id=CVE-2022-26778
09 Mar 2022 — Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. Veritas System Recovery (VSR) versiones 18 y 21, almacena una contraseña de destino de red en el registro de Windows durante la configuración de la copia de seguridad. Esto podría permitir a un usuario de Windows (que tenga... • https://www.veritas.com/content/support/en_US/security/VTS21-002 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26484
https://notcve.org/view.php?id=CVE-2022-26484
04 Mar 2022 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, config... • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26483
https://notcve.org/view.php?id=CVE-2022-26483
04 Mar 2022 — An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). Se ha detectado un problema en Veritas InfoScale Operations Manager (VIOM) versiones anteriores a 7.4.2 Parche 600 y 8.x versiones anteriores a... • https://www.veritas.com/content/support/en_US/security/VTS22-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44677 – Veritas Enterprise Vault EVExchangeWebServicesProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44677
06 Dec 2021 — An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by proper... • https://www.veritas.com/content/support/en_US/security/VTS21-003 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44678 – Veritas Enterprise Vault MonitoringAgent Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44678
06 Dec 2021 — An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by proper... • https://www.veritas.com/content/support/en_US/security/VTS21-003 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44679 – Veritas Enterprise Vault EVTaskGuardian Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44679
06 Dec 2021 — An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by proper... • https://www.veritas.com/content/support/en_US/security/VTS21-003 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44680 – Veritas Enterprise Vault EVMonitoring Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44680
06 Dec 2021 — An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by proper... • https://www.veritas.com/content/support/en_US/security/VTS21-003 • CWE-502: Deserialization of Untrusted Data •