CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46411
https://notcve.org/view.php?id=CVE-2022-46411
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. Una contraseña predeterminada persiste después de la instalación y puede descubrirse y usarse para escalar privilegios. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue3 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-46413
https://notcve.org/view.php?id=CVE-2022-46413
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue2 •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-46414
https://notcve.org/view.php?id=CVE-2022-46414
04 Dec 2022 — An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal. Se descubrió un problema en Veritas NetBackup Flex Scale hasta 3.0 y Access Appliance hasta 8.0.100. La ejecución de comandos remotos no autenticados puede ocurrir a través del portal de administración. • https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1 •
CVSS: 9.8EPSS: 94%CPEs: 97EXPL: 82CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
01 Apr 2022 — A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser ... • https://packetstorm.news/files/id/167011 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 6%CPEs: 11EXPL: 0CVE-2019-18780
https://notcve.org/view.php?id=CVE-2019-18780
05 Nov 2019 — An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, St... • https://www.veritas.com/content/support/en_US/security/VTS19-003 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6399
https://notcve.org/view.php?id=CVE-2017-6399
02 Mar 2017 — An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado). • http://www.securityfocus.com/bid/96490 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6400
https://notcve.org/view.php?id=CVE-2017-6400
02 Mar 2017 — An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución privilegiada de comandos en NetBackup Server y Client (en el sistema local). • http://www.securityfocus.com/bid/96484 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6406
https://notcve.org/view.php?id=CVE-2017-6406
02 Mar 2017 — An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución arbitraria de comandos privilegiados, usando el escape del directorio de lista blanca con subcadenas "../". • http://www.securityfocus.com/bid/96486 •