5 matches found
CVE-2024-33672
CVE-2024-33672 affects Veritas NetBackup prior to 10.4. The Multi-Threaded Agent can be used to perform arbitrary file deletion on protected files, per multiple connected sources. Reported impact includes high confidentiality/availability implications (C/I = HIGH, A = HIGH) with local attack vect...
CVE-2023-28759
CVE-2023-28759 affects Veritas NetBackup on Windows prior to 10.0. The issue stems from the NetBackup client’s loading of DLLs, where path validation may allow a lower-privileged user to elevate privileges and compromise the system. Impact includes local privilege escalation; remediation is to up...
CVE-2024-28222
CVE-2024-28222 affects Veritas NetBackup prior to 8.1.2 and NetBackup Appliance prior to 3.1.2. The BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Impact is impactful: high confidentiality, integrity, and availability r...
CVE-2024-52945
CVE-2024-52945 affects Veritas NetBackup before 10.5 on Windows. The issue arises when a user executes certain NetBackup commands (or is social-engineered to do so), allowing a malicious DLL to load and execute the attacker’s code in the user’s security context. Root cause cited in PT-2024-8334 i...
CVE-2023-28758
Veritas NetBackup pre-8.3.0.2 is affected by CVE-2023-28758. The BPCD component allows an unprivileged user to specify a log file path when running a NetBackup command, enabling overwriting of existing NetBackup log files. This is a local impact with potential log tampering. Remediation: upgrade ...