cvebase

Veritas NetBackup vulnerabilities

67 known vulnerabilities affecting veritas/netbackup.

Total CVEs: 67
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 18, HIGH 29, MEDIUM 20

Vulnerabilities

Page 2 of 4
CVE-2022-42301 | P3 | HIGH | CVSS 8.8 | ≤ 10.0.0.1 | 2022-10-03
CVE-2022-42301 [HIGH] CWE-611: An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
nvd
CVE-2022-42307 | P3 | CRITICAL | CVSS 9.8 | ≤ 10.0.0.1 | 2022-10-03
CVE-2022-42307 [CRITICAL] CWE-611: An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
nvd
CVE-2020-36163 | P3 | HIGH | CVSS 8.8 | ≤ 8.3.0.1 | 2021-01-06
CVE-2020-36163 [HIGH]: An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an af
nvd
CVE-2022-42303 | P3 | CRITICAL | CVSS 9.8 | ≤ 10.0 | 2022-10-03
CVE-2022-42303 [CRITICAL]: An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
nvd
CVE-2022-36952 | P3 | CRITICAL | CVSS 9.8 | ≥ 8.0, < 8.3.0.2; v9.0; +1 more | 2022-07-27
CVE-2022-36952 [CRITICAL] CWE-798: In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
nvd
CVE-2006-0989 | P3 | CRITICAL | CVSS 9.0 | v4.5.0, v5.0, +2 more | 2006-03-28
CVE-2006-0989 [CRITICAL]: Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2020-36169 | P3 | HIGH | CVSS 8.8 | ≤ 8.3.0.1 | 2021-01-06
CVE-2020-36169 [HIGH]: An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an aff
nvd
CVE-2022-36956 | P3 | HIGH | CVSS 7.5 | v9.0, v9.1.0.0 | 2022-07-27
CVE-2022-36956 [HIGH]: In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.
nvd
CVE-2006-0990 | P3 | CRITICAL | CVSS 9.0 | v4.5.0, v5.0, +2 more | 2006-03-28
CVE-2006-0990 [CRITICAL]: Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2006-0991 | P3 | HIGH | CVSS 7.1 | v4.5.0, v5.0, +2 more | 2006-03-28
CVE-2006-0991 [HIGH]: Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
nvd
CVE-2017-6407 | P3 | HIGH | CVSS 8.8 | ≤ 7.7.1 | 2017-03-02
CVE-2017-6407 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
nvd
CVE-2017-6399 | P3 | HIGH | CVSS 8.8 | ≤ 7.7.1 | 2017-03-02
CVE-2017-6399 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
nvd
CVE-2017-6406 | P3 | HIGH | CVSS 8.8 | ≤ 7.7.1 | 2017-03-02
CVE-2017-6406 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
nvd
CVE-2022-36955 | P3 | HIGH | CVSS 8.4 | ≥ 8.0, ≤ 8.1.2; ≥ 8.3.0.0, ≤ 8.3.0.2; +3 more | 2022-07-27
CVE-2022-36955 [HIGH]: In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.
nvd
CVE-2017-6400 | P3 | HIGH | CVSS 8.8 | ≤ 7.7.1 | 2017-03-02
CVE-2017-6400 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
nvd
CVE-2022-36990 | P3 | MEDIUM | CVSS 6.5 | v8.1.1, v8.1.2, +8 more | 2022-07-28
CVE-2022-36990 [MEDIUM]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
nvd
CVE-2024-52945 | P3 | HIGH | CVSS 7.8 | fixed in 10.5 | 2024-11-18
CVE-2024-52945 [HIGH] CWE-94: An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's co
nvd
CVE-2022-36985 | P3 | HIGH | CVSS 7.8 | v8.1.1, v8.1.2, +8 more | 2022-07-28
CVE-2022-36985 [HIGH]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
nvd
CVE-2020-37045 | P3 | HIGH | CVSS 7.8 | v7.0 | 2026-02-01
CVE-2020-37045 [HIGH] CWE-428: Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
nvd
CVE-2022-42305 | P3 | HIGH | CVSS 7.5 | ≤ 10.0.0.1 | 2022-10-03
CVE-2022-42305 [HIGH] CWE-22: An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.
nvd