Filtered by vendor Veritas
Subscribe
Total
120 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42301 | 1 Veritas | 1 Netbackup | 2023-12-10 | N/A | 8.8 HIGH |
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | |||||
CVE-2022-42300 | 1 Veritas | 1 Netbackup | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.) | |||||
CVE-2022-42305 | 1 Veritas | 1 Netbackup | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service. | |||||
CVE-2022-36986 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server. | |||||
CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2023-12-10 | N/A | 6.5 MEDIUM |
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
CVE-2022-36985 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 7.8 HIGH |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges. | |||||
CVE-2022-36995 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 4.3 MEDIUM |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server. | |||||
CVE-2022-36990 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server. | |||||
CVE-2022-36991 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server. | |||||
CVE-2022-36992 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions). | |||||
CVE-2022-42304 | 1 Veritas | 1 Netbackup | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code. | |||||
CVE-2022-36997 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 8.8 HIGH |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service. | |||||
CVE-2022-36949 | 1 Veritas | 1 Netbackup | 2023-12-10 | N/A | 7.8 HIGH |
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
CVE-2022-41319 | 1 Veritas | 1 Desktop And Laptop Option | 2023-12-10 | N/A | 6.1 MEDIUM |
A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). | |||||
CVE-2022-37000 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2023-12-10 | N/A | 6.5 MEDIUM |
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server. | |||||
CVE-2021-41570 | 1 Veritas | 1 Netbackup | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. | |||||
CVE-2022-22965 | 5 Cisco, Oracle, Siemens and 2 more | 38 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 35 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | |||||
CVE-2022-26778 | 1 Veritas | 1 System Recovery | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2023-12-10 | 6.8 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | |||||
CVE-2022-26483 | 1 Veritas | 1 Infoscale Operations Manager | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). |