CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Dec 2024 — Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. • https://github.com/MarioTesoro/CVE-2024-46542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 May 2024 — Veritas System Recovery before 23.2_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. • https://www.veritas.com/support/en_US/security/VTS24-005 • CWE-272: Least Privilege Violation

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. • https://www.veritas.com/support/en_US/security/VTS24-002#H1 • CWE-73: External Control of File Name or Path

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. • https://www.veritas.com/support/en_US/security/VTS24-001 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Apr 2024 — An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. • https://www.veritas.com/support/en_US/security/VTS24-002#H2 • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 1% • CPEs: 2 • EXPL: 0

07 Mar 2024 — In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. • https://www.veritas.com/content/support/en_US/security/VTS23-010

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Feb 2024 — A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. • https://www.veritas.com/support/en_US/security/VTS23-020 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 Aug 2023 — A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and ... • https://www.veritas.com/content/support/en_US/security/VTS23-011 • CWE-295: Improper Certificate Validation

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jul 2023 — The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server. • https://www.veritas.com/content/support/en_US/security/VTS23-009 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

29 Jun 2023 — In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. • https://www.veritas.com/content/support/en_US/security/VTS23-004 • CWE-732: Incorrect Permission Assignment for Critical Resource