Veritas Netbackup Appliance vulnerabilities
41 known vulnerabilities affecting veritas/netbackup_appliance.
Total CVEs
41
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL11HIGH17MEDIUM13
Vulnerabilities
Page 2 of 3
CVE-2017-6406P3HIGHCVSS 8.8≤ 2.7.12017-03-02
CVE-2017-6406 [HIGH] CVE-2017-6406: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbi
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
nvd
CVE-2017-6400P3HIGHCVSS 8.8≤ 2.7.12017-03-02
CVE-2017-6400 [HIGH] CVE-2017-6400: An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Priv
An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
nvd
CVE-2022-36990P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36990 [MEDIUM] CVE-2022-36990: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
nvd
CVE-2022-36985P3HIGHCVSS 7.8v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36985 [HIGH] CVE-2022-36985: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
nvd
CVE-2019-9867P3HIGHCVSS 7.2≤ 3.1.22019-03-21
CVE-2019-9867 [HIGH] CWE-522 CVE-2019-9867: An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy s
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
nvd
CVE-2022-37000P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-37000 [MEDIUM] CVE-2022-37000: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
nvd
CVE-2022-36999P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36999 [MEDIUM] CVE-2022-36999: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
nvd
CVE-2019-9868P3HIGHCVSS 7.2≤ 3.1.22019-03-21
CVE-2019-9868 [HIGH] CWE-522 CVE-2019-9868: An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP pa
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
nvd
CVE-2022-36994P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36994 [MEDIUM] CVE-2022-36994: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
nvd
CVE-2017-6401P3HIGHCVSS 7.8≤ 3.02017-03-02
CVE-2017-6401 [HIGH] CWE-269 CVE-2017-6401: An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local ar
An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
nvd
CVE-2022-36987P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36987 [MEDIUM] CVE-2022-36987: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
nvd
CVE-2022-36996P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36996 [MEDIUM] CVE-2022-36996: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
nvd
CVE-2022-36991P3MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36991 [MEDIUM] CVE-2022-36991: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
nvd
CVE-2017-6405P4HIGHCVSS 7.5≤ 3.02017-03-02
CVE-2017-6405 [HIGH] CWE-290 CVE-2017-6405: An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
nvd
CVE-2022-36998P4MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36998 [MEDIUM] CWE-787 CVE-2022-36998: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of servi
nvd
CVE-2022-36984P4MEDIUMCVSS 6.5v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36984 [MEDIUM] CVE-2022-36984: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
nvd
CVE-2015-6551P4MEDIUMCVSS 5.9v1.1.0.1v1.1.0.2+17 more2016-05-07
CVE-2015-6551 [MEDIUM] CWE-200 CVE-2015-6551: Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.
Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
nvd
CVE-2017-6408P4HIGHCVSS 7.0≤ 3.02017-03-02
CVE-2017-6408 [HIGH] CWE-362 CVE-2017-6408: An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
nvd
CVE-2017-6402P4MEDIUMCVSS 6.5≤ 3.02017-03-02
CVE-2017-6402 [MEDIUM] CVE-2017-6402: An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier
An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
nvd
CVE-2022-36995P4MEDIUMCVSS 4.3v3.1.1v3.1.2+7 more2022-07-28
CVE-2022-36995 [MEDIUM] CVE-2022-36995: An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x th
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
nvd