CVE-2009-3027

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICAL

EPSS

43.9%

top 2.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Backup Exec Continuous Protection Server Symantec Veritas Application Director Symantec Veritas Backup Exec +20 more

Timeline

PublishedDec 11

Latest updateMay 2

Description

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas…

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages15 packages

▶NVDsymantec/veritas_storage_foundation_cluster_file_system4 versions+3

▶NVDsymantec/veritas_storage_foundation_manager6 versions+5

▶NVDsymantec/veritas_storage_foundation10 versions+9

▶NVDsymantec/veritas_command_central_storage_change_manager5.0, 5.1+1

▶NVDsymantec/veritas_command_central_storage4.x, 5.0, 5.1+2

Patches

Patch: marc.info ↗Patch: seer.entsupport.symantec.com ↗Patch: seer.entsupport.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-xf95-c5hq-2g93: VRTSweb↗2022-05-02

▶

CVEList

CVE-2009-3027: VRTSweb↗2009-12-11

▶