Veritas Netbackup vulnerabilities
67 known vulnerabilities affecting veritas/netbackup.
Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 29, MEDIUM 20
Vulnerabilities
Page 1 of 4
CVE-2015-6550 | P2 | CRITICAL | CVSS 9.8 | CWE-284 | v7.0, v7.0.1, +16 more | 2016-05-07
bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
nvd
CVE-2017-8856 | P2 | CRITICAL | CVSS 9.8 | CWE-732 | ≤ 8.0 | 2017-05-09
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
nvd
CVE-2017-6403 | P3 | CRITICAL | CVSS 9.8 | CWE-798 | ≤ 8.0 | 2017-03-02
An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
nvd
CVE-2022-36950 | P2 | CRITICAL | CVSS 9.8 | ≥ 8.0, < 8.3.0.2; v9.0, +1 more | 2022-07-27
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
nvd
CVE-2024-28222 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | fixed in 8.1.2 | 2024-03-07
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
nvd
CVE-2017-8857 | P2 | CRITICAL | CVSS 9.8 | CWE-732 | ≤ 8.0 | 2017-05-09
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
nvd
CVE-2022-36951 | P2 | CRITICAL | CVSS 9.8 | ≥ 8.0, < 8.3.0.2; v9.0, +1 more | 2022-07-27
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
nvd
CVE-2004-1389 | P3 | MEDIUM | CVSS 6.0 | PoC | v3.4.0, v3.4.1, +3 more | 2004-12-31
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
nvd
CVE-2022-36986 | P2 | CRITICAL | CVSS 9.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36993 | P3 | HIGH | CVSS 8.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36989 | P3 | HIGH | CVSS 8.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36992 | P3 | HIGH | CVSS 8.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
nvd
CVE-2022-45461 | P3 | HIGH | CVSS 8.8 | CWE-78 | ≤ 10.1 | 2022-11-17
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
nvd
CVE-2022-36988 | P3 | HIGH | CVSS 8.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primar
nvd
CVE-2015-6552 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | v7.0, v7.0.1, +16 more | 2016-05-07
The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
nvd
CVE-2017-8858 | P3 | CRITICAL | CVSS 9.8 | CWE-732 | ≤ 8.0 | 2017-05-09
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
nvd
CVE-2017-6409 | P3 | CRITICAL | CVSS 9.8 | CWE-306 | ≤ 8.0 | 2017-03-02
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
nvd
CVE-2022-42304 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 10.0 | 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.
nvd
CVE-2022-42302 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | ≤ 10.0 | 2022-10-03
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.
nvd
CVE-2022-36997 | P3 | HIGH | CVSS 8.8 | CWE-918 | v8.1.1, v8.1.2, +8 more | 2022-07-28
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of ser
nvd