CVE-2023-37237
https://notcve.org/view.php?id=CVE-2023-37237
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. • https://www.veritas.com/content/support/en_US/security/VTS23-004 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. • https://github.com/0zvxr/CVE-2022-22965 https://github.com/alt3kx/CVE-2022-22965 https://github.com/zangcc/CVE-2022-22965-rexbb https://github.com/Kirill89/CVE-2022-22965-PoC https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce https://github.com/p1ckzi/CVE-2022-22965 https://github.com/me2nuk/CVE-2022-22965 https://github.com/light-Life/CVE-2022-22965-GUItools https://github.com/viniciuspereiras/CVE-2022-22965-poc https://github.com/itsecurityco/CVE-2022-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2019-9868
https://notcve.org/view.php?id=CVE-2019-9868
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña SMTP se muestra a un administrador. • http://www.securityfocus.com/bid/107567 https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue1 • CWE-522: Insufficiently Protected Credentials •
CVE-2019-9867
https://notcve.org/view.php?id=CVE-2019-9867
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. Se ha descubierto un problema en Web Console en Veritas NetBackup Appliance hasta la versión 3.1.2. La contraseña del servidor proxy se muestra a un administrador. • http://www.securityfocus.com/bid/107567 https://www.veritas.com/content/support/en_US/security/VTS19-001.html#Issue2 • CWE-522: Insufficiently Protected Credentials •
CVE-2018-18652
https://notcve.org/view.php?id=CVE-2018-18652
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. Una vulnerabilidad de ejecución remota de comandos en Veritas NetBackup Appliance en versiones anteriores a la 3.1.2 permite que administradores autenticados ejecuten comandos arbitrarios como root. El problema viene provocado por el filtrado insuficiente de entradas proporcionadas por el usuario. • http://www.securityfocus.com/bid/105737 https://www.veritas.com/content/support/en_US/security/VTS18-003.html •