CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26788
https://notcve.org/view.php?id=CVE-2023-26788
10 Apr 2023 — Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. • https://github.com/IthacaLabs/Veritas-Technologies • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 13%CPEs: 13EXPL: 0CVE-2016-7399
https://notcve.org/view.php?id=CVE-2016-7399
04 Jan 2017 — scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. scripts/license.pl en Veritas NetBackup Appliance 2.6.0.x hasta la versión 2.6.0.4, 2.6.1.x hasta la versión 2.6.1.2, 2.7.x hasta la versión 2.7.3 y 3.0.x permiten a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell ... • http://www.sec-1.com/blog/2016/veritas-netbackup-appliance-unauthenticated-remote-command-execution • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •