Command injection

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...

Design/Logic Flaw

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

Design/Logic Flaw

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36948

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36948

CVE-2022-36948 describes a DOM-based XSS in Veritas NetBackup OpsCenter. Affected versions are 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10. The connected PT-2022-23695 entry provides remediation guidance: upgrade to a version later than 8.3.0.2 for 8.x, later than 9.0.0.1 for 9.x, later than ...

CVE-2022-36949

This CVE affects Veritas NetBackup OpsCenter versions 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10, where an attacker with local access could potentially escalate privileges. Root cause and exploit details are not expanded beyond local access privilege escalation in the provided documents. Mit...

CVE-2022-36949

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36950

Veritas NetBackup OpsCenter is affected by CVE-2022-36950 via unauthenticated Java classloader manipulation leading to remote code execution. Affected versions include 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10. Public advisories consistently describe an unauthenticated remote attacker able ...

CVE-2022-36950

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36951

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36951

CVE-2022-36951 affects Veritas NetBackup OpsCenter. Affected versions include 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10. An unauthenticated remote attacker may compromise the host by exploiting a patched vulnerability. Remediation guidance provided by PT-2022-23698 recommends upgrading to l...

CVE-2022-36952

CVE-2022-36952 affects Veritas NetBackup OpsCenter due to a hard-coded credential that can be used to exploit the VxSS subsystem. Affected versions are 8.x–8.3.0.2, 9.x–9.0.0.1, 9.1.x–9.1.0.1, and 10. The issue is documented across multiple sources (NVD/NIST, Red Hat advisory, and third-party CVE...

CVE-2022-36952

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36953

CVE-2022-36953 affects Veritas NetBackup OpsCenter. An unauthenticated remote attacker could gain sensitive information (information disclosure) via certain endpoints. Affected versions: 8.x through 8.3.0.2; 9.x through 9.0.0.1; 9.1.x through 9.1.0.1; and 10.0. The NVD CVSS base score is 4.3 (Net...

CVE-2022-36953

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36954

Veritas NetBackup OpsCenter is affected by CVE-2022-36954. An authenticated remote attacker may be able to create or modify OpsCenter user accounts under specific conditions. Affected versions include NetBackup OpsCenter 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. Mit...

CVE-2022-36954

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

CVE-2022-36955

CVE-2022-36955 — Veritas NetBackup privilege escalation : A local, unprivileged attacker able to access a NetBackup Client can issue specific commands to elevate privileges. Affected versions include 8.0–8.1.2, 8.2, 8.3–8.3.0.2, 9.0.0.0–9.0.0.1, and 9.1.0.0–9.1.0.1. The connected PT-2022-23702 en...

CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1...

CVE-2022-36956

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...