CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36955
https://notcve.org/view.php?id=CVE-2022-36955
In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. En Veritas NetBackup, un atacante con acceso local no privilegiado a un Cliente NetBackup puede enviar comandos específicos para escalar sus privilegios. Esto afecta a versiones 8.0 hasta 8.1.2, 8.2, 8.3 hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue2 •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36956
https://notcve.org/view.php?id=CVE-2022-36956
In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. En Veritas NetBackup, el Cliente NetBackup permite una ejecución de comandos arbitrarios desde cualquier host remoto que tenga acceso a un certificado/clave privada de NetBackup con un ID de host válido del mismo dominio. Afecta a versiones 9.0.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 • https://www.veritas.com/content/support/en_US/security/VTS22-008#Issue1 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41570
https://notcve.org/view.php?id=CVE-2021-41570
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. Veritas NetBackup OpsCenter Analytics versión 9.1, permite un uso de tipo XSS por medio de los campos NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password durante una operación de Añadir Ajustes/Configuración • https://www.veritas.com/content/support/en_US/security/VTS22-007 https://www.veritas.com/support/en_US/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36163
https://notcve.org/view.php?id=CVE-2020-36163
An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue2 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-36169
https://notcve.org/view.php?id=CVE-2020-36169
An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1 •