
Veritas Netbackup Appliance vulnerabilities

41 known vulnerabilities affecting veritas/netbackup_appliance.

Total CVEs: 41
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 11, HIGH 17, MEDIUM 13

Vulnerabilities

Page 1 of 3
CVE-2022-22965 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | Ransomware | v4.0, v4.0.0.1, +2 more | 2022-04-01
CVE-2022-22965 [CRITICAL] CWE-94: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature
nvd
CVE-2015-6550 | P2 | CRITICAL | CVSS 9.8 | v1.1.0.1, v1.1.0.2, +17 more | 2016-05-07
CVE-2015-6550 [CRITICAL] CWE-284: bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
nvd
CVE-2017-8856 | P2 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2017-05-09
CVE-2017-8856 [CRITICAL] CWE-732: In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
nvd
CVE-2017-6403 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2017-03-02
CVE-2017-6403 [CRITICAL] CWE-798: An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
nvd
CVE-2024-28222 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.1.2 | 2024-03-07
CVE-2024-28222 [CRITICAL] CWE-22: In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
nvd
CVE-2017-8857 | P2 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2017-05-09
CVE-2017-8857 [CRITICAL] CWE-732: In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
nvd
CVE-2017-8859 | P2 | CRITICAL | CVSS 9.8 | ≤ 2.7.2, v2.7.3, +1 more | 2017-05-09
CVE-2017-8859 [CRITICAL]: In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
nvd
CVE-2022-36986 | P2 | CRITICAL | CVSS 9.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36986 [CRITICAL]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36993 | P3 | HIGH | CVSS 8.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36993 [HIGH]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36989 | P3 | HIGH | CVSS 8.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36989 [HIGH]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
nvd
CVE-2022-36992 | P3 | HIGH | CVSS 8.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36992 [HIGH]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
nvd
CVE-2022-36988 | P3 | HIGH | CVSS 8.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36988 [HIGH]: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primar
nvd
CVE-2015-6552 | P3 | CRITICAL | CVSS 9.8 | v1.1.0.1, v1.1.0.2, +17 more | 2016-05-07
CVE-2015-6552 [CRITICAL] CWE-284: The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
nvd
CVE-2017-8858 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2017-05-09
CVE-2017-8858 [CRITICAL] CWE-732: In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
nvd
CVE-2017-6409 | P3 | CRITICAL | CVSS 9.8 | ≤ 3.0 | 2017-03-02
CVE-2017-6409 [CRITICAL] CWE-306: An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
nvd
CVE-2018-18652 | P3 | HIGH | CVSS 7.2 | fixed in 3.1.2 | 2018-10-25
CVE-2018-18652 [HIGH]: A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
nvd
CVE-2022-36997 | P3 | HIGH | CVSS 8.8 | v3.1.1, v3.1.2, +7 more | 2022-07-28
CVE-2022-36997 [HIGH] CWE-918: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of ser
nvd
CVE-2023-37237 | P3 | HIGH | CVSS 7.2 | fixed in 4.1.0.1, v4.1.0.1 | 2023-06-29
CVE-2023-37237 [HIGH] CWE-732: In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
nvd
CVE-2017-6407 | P3 | HIGH | CVSS 8.8 | ≤ 2.7.1 | 2017-03-02
CVE-2017-6407 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
nvd
CVE-2017-6399 | P3 | HIGH | CVSS 8.8 | ≤ 2.7.1 | 2017-03-02
CVE-2017-6399 [HIGH]: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
nvd