PT-2022-27860 · Veritas · Veritas Netbackup Access Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Flex Scale versions 1.0 through 3.0 Veritas NetBackup Access Appliance versions 8.0.0 through 8.0.100 Description: An issue was discovered where a default password is persisted after installation and may be discovered and us...

CVE-2022-46411

Veritas NetBackup Flex Scale (versions 1.0–3.0) and NetBackup Access Appliance (versions 8.0.0–8.0.100) are affected by a default-password issue that persists post-install, enabling potential privilege escalation if the credentials are discovered. The vulnerability is caused by retained default c...

PT-2022-27862 · Veritas · Veritas Netbackup Access Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup Flex Scale versions 1.0 through 3.0 Veritas NetBackup Access Appliance versions 1.0 through 8.0.100 Description: An issue was discovered that allows authenticated remote command execution via the management portal...

CVE-2022-46410

CVE-2022-46410 affects Veritas NetBackup Flex Scale up to version 3.0. An attacker with non-root privileges can escalate to root by using specific commands. The available sources confirm a privilege-escalation vulnerability with high severity (CVSS v3.1: 8.8, HIGH) affecting the product, but do n...

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

Design/Logic Flaw

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

CVE-2022-45461

Summary of CVE-2022-45461 (Veritas NetBackup) : The issue affects the Java Admin Console in Veritas NetBackup (through version 10.1) on Linux/UNIX. Authentication by non-root users who are added to auth.conf may lead to arbitrary commands being executed as root, due to failure to neutralize speci...

Veritas Technologies NetBackup 操作系统命令注入漏洞

Veritas Technologies NetBackup is a storage service from Veritas Technologies, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection for metadata, virtual environments, and other environmental...

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

PT-2022-6068 · Veritas · Veritas Netbackup Appliance +1

Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions through 10.1 Veritas NetBackup Appliance versions affected versions not specified Related Veritas products on Linux and UNIX versions affected versions not specified Description: The Java Admin Console in Veritas...

Veritas NetBackup DiscoveryService Service XML External Entity Injection Vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...

Veritas NetBackup pbx_exchange denial of service vulnerability

Veritas NetBackup is a storage service from Veritas that is used to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 8.2 and prior versions contain a denial-of-service vulnerability that could be exploited by an attacker with local access to send a construct...

CVE-2022-42308

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbxexchange registration code...

CVE-2022-42307

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity XXE Injection attack through the DiscoveryService service...

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

CVE-2022-42308

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbxexchange registration code...

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

CVE-2022-42307

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity XXE Injection attack through the DiscoveryService service...