Vulnerabilities fixed in Veritas NetBackup

Vulnerabilities have been fixed in Veritas NetBackup Server and Client. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data The vulnerabilities with CVSS3 scores 9.0 and 8.0...

CVE-2022-36993

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary...

CVE-2022-36989

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary...

Hard-coded credential vulnerability in multiple Veritas products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A hard-coded credential vulnerability exists in multiple Veritas products. An attacker could exploit...

Local Insecure File Permissions Vulnerability in Multiple Veritas Products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A local insecure file permission vulnerability exists in multiple Veritas products, which can be...

Denial of Service Vulnerability in Multiple Veritas Products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A denial of service vulnerability exists in multiple Veritas products, which can be exploited by remo...

Multiple Veritas Product Catalog Traversal Vulnerabilities

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. A directory traversal vulnerability exists in multiple Veritas products, which could allow an attacke...

CVE-2017-6399

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client on the server or a connected client can occur...

CVE-2017-6400

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur on the local system...

Design/Logic Flaw

Unspecified vulnerability in the Java Administration GUI jnbSA in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to "bpjava binaries."...

CVE-2008-4339

Summary: CVE-2008-4339 affects Symantec Veritas NetBackup Server/Enterprise Server (versions 5.1 before MP7, 6.0 before MP7, 6.5 before 6.5.2). The vulnerability is in the Java Administration GUI (jnbSA) and allows remote authenticated users to gain privileges via unknown attack vectors related t...

VERITAS NetBackup Volume Manager Daemon buffer overflow

Added: 12/04/2005 CVE: CVE-2005-3116 BID: 15353 OSVDB: 20674 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem The Volume Manager Daemon VMD has an error in its shared library allowing for a buffer overflow. A specially crafted request sent to port...

CVE-2005-2715

Format string vulnerability in the Java user interface service bpjava-msvc daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMANDLOGONTOMSERVER command...