Lucene search
+L

5 matches found

CVE
CVE
added 2024/04/26 12:0 a.m.129 views

CVE-2024-33672

CVE-2024-33672 affects Veritas NetBackup prior to 10.4. The Multi-Threaded Agent can be used to perform arbitrary file deletion on protected files, per multiple connected sources. Reported impact includes high confidentiality/availability implications (C/I = HIGH, A = HIGH) with local attack vect...

7.7CVSS6.8AI score0.00168EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.110 views

CVE-2023-28759

CVE-2023-28759 affects Veritas NetBackup on Windows prior to 10.0. The issue stems from the NetBackup client’s loading of DLLs, where path validation may allow a lower-privileged user to elevate privileges and compromise the system. Impact includes local privilege escalation; remediation is to up...

7.8CVSS7.4AI score0.0019EPSS
CVE
CVE
added 2024/03/07 12:0 a.m.88 views

CVE-2024-28222

CVE-2024-28222 affects Veritas NetBackup prior to 8.1.2 and NetBackup Appliance prior to 3.1.2. The BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. Impact is impactful: high confidentiality, integrity, and availability r...

9.8CVSS9.4AI score0.00989EPSS
CVE
CVE
added 2024/11/18 12:0 a.m.66 views

CVE-2024-52945

CVE-2024-52945 affects Veritas NetBackup before 10.5 on Windows. The issue arises when a user executes certain NetBackup commands (or is social-engineered to do so), allowing a malicious DLL to load and execute the attacker’s code in the user’s security context. Root cause cited in PT-2024-8334 i...

7.8CVSS7.6AI score0.00228EPSS
CVE
CVE
added 2023/03/23 12:0 a.m.63 views

CVE-2023-28758

Veritas NetBackup pre-8.3.0.2 is affected by CVE-2023-28758. The BPCD component allows an unprivileged user to specify a log file path when running a NetBackup command, enabling overwriting of existing NetBackup log files. This is a local impact with potential log tampering. Remediation: upgrade ...

7.1CVSS6.8AI score0.00153EPSS