Netbackup Appliance Security Vulnerabilities and Issues — Netbackup Appliance CVE List

Lucene search

VeritasNetbackup Appliance

9 matches found

CVE•added 2022/04/01 11:15 p.m.•2212 views

CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is...

9.8CVSS8.7AI score0.9446EPSS

CVE•added 2022/07/28 1:15 a.m.•95 views

CVE-2022-36986

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.

9.8CVSS9.7AI score0.00218EPSS

CVE•added 2022/07/28 1:15 a.m.•69 views

CVE-2022-36990

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from...

9.6CVSS6.3AI score0.00268EPSS

CVE•added 2022/07/28 1:15 a.m.•56 views

CVE-2022-36992

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary...

9.9CVSS8.7AI score0.00355EPSS

CVE•added 2017/03/02 6:59 a.m.•55 views

CVE-2017-6403

An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.

9.8CVSS9.3AI score0.0246EPSS

CVE•added 2024/03/07 7:15 a.m.•55 views

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

9.8CVSS9.4AI score0.00894EPSS

CVE•added 2017/03/02 6:59 a.m.•50 views

CVE-2017-6409

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.

9.8CVSS9.3AI score0.00528EPSS

CVE•added 2017/05/09 9:29 p.m.•45 views

CVE-2017-8856

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

9.8CVSS9.6AI score0.02573EPSS

CVE•added 2018/10/25 11:29 p.m.•37 views

CVE-2018-18652

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.

9CVSS7.4AI score0.01351EPSS