CVE-2022-36991
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
22.7%
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| veritas | flex_appliance | 1.2 | cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:* |
| veritas | flex_appliance | 1.3 | cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:* |
| veritas | flex_appliance | 2.0 | cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:* |
| veritas | flex_appliance | 2.0.1 | cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:* |
| veritas | flex_appliance | 2.0.2 | cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:* |
| veritas | flex_appliance | 2.1 | cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:* |
| veritas | flex_scale | 1.3.1 | cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:* |
| veritas | flex_scale | 2.1 | cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:* |
| veritas | netbackup | 8.1.1 | cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:* |
| veritas | netbackup | 8.1.2 | cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
22.7%