CVE-2022-36991

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path o...

CVE-2022-36993

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary...

CVE-2022-36988

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server c...

CVE-2022-36989

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary...

CVE-2022-36987

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

CVE-2022-36955

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.

CVE-2022-36997

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read,...

CVE-2017-6400

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).

CVE-2022-42301

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.

CVE-2017-6407

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.

CVE-2017-6399

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.