
CVSS: 10.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

11 Aug 2023 — A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and ... • https://www.veritas.com/content/support/en_US/security/VTS23-011 • CWE-295: Improper Certificate Validation

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Apr 2023 — Veritas NetBackup OpsCenter Version 9.1.0.1 is vulnerable to reflected cross-site scripting (XSS). The web app fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser. • https://github.com/IthacaLabs/Veritas-Technologies • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Mar 2023 — An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. • https://www.veritas.com/content/support/en_US/security/VTS23-006 • CWE-427: Uncontrolled Search Path Element

CVSS: 9.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

17 Nov 2022 — The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. • https://www.veritas.com/content/support/en_US/security/VTS22-015 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service. • https://www.veritas.com/content/support/en_US/security/VTS22-012#M3

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) • https://www.veritas.com/content/support/en_US/security/VTS22-013#M2

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. • https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service. • https://www.veritas.com/content/support/en_US/security/VTS22-011#C1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302. • https://www.veritas.com/content/support/en_US/security/VTS22-011#H1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Oct 2022 — An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. • https://www.veritas.com/content/support/en_US/security/VTS22-011#H2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')