
CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors. • https://www.veritas.com/content/support/en_US/security/VTS23-002 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 8.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 before 10.5P3. By default, on Windows systems, users can create directories under C:\. A low-privileged user can create a directory at the configuration file locations. When the Windows system restarts, a malicious OpenSSL engine could achieve arbitrary code execution as SYSTEM. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. • https://www.veritas.com/content/support/en_US/security/VTS20-009

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. • https://www.veritas.com/content/support/en_US/security/VTS20-006#issue1 • CWE-863: Incorrect Authorization

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could log in to the application and gain access to the data and functionality accessible to the targeted user account. • https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2 • CWE-294: Authentication Bypass by Capture-replay

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-287: Improper Authentication