CVE-2023-28758

An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files...

CVE-2023-28759

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system...

CVE-2023-28758

Veritas NetBackup pre-8.3.0.2 is affected by CVE-2023-28758. The BPCD component allows an unprivileged user to specify a log file path when running a NetBackup command, enabling overwriting of existing NetBackup log files. This is a local impact with potential log tampering. Remediation: upgrade ...

The vulnerability of the Java Admin Console software tools for backup and data restoration in NetBackup Appliances and NetBackup allows a malicious actor to execute arbitrary commands as the root user.

The vulnerability of the Java Admin Console software tools for backup and recovery operations of NetBackup Appliances and NetBackup relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability could allow a malicious actor t...

CVE-2022-46414

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal...

CVE-2022-46412

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands...

CVE-2022-46413

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal...

CVE-2022-46413

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal...

CVE-2022-46411

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges...

CVE-2022-46411

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges...

CVE-2022-46412

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands...

CVE-2022-46414

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal...

CVE-2022-46410

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands...

CVE-2022-46410

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands...

Command injection

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal...

Command injection

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal...

Command injection

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands...

Command injection

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands...

Default credentials

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges...

PT-2022-27861 · Veritas · Veritas Netbackup Flex Scale

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Flex Scale versions through 3.0 Description: An issue was discovered that allows a non-privileged user to escape a restricted shell and execute privileged commands. Recommendations: For Veritas NetBackup Flex Scale versions...