Filtered by vendor Veritas
Subscribe
Total
109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36993 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2022-08-09 | N/A | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server. | |||||
| CVE-2022-36994 | 1 Veritas | 4 Flex Appliance, Flex Scale, Netbackup and 1 more | 2022-08-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server. | |||||
| CVE-2022-36956 | 1 Veritas | 1 Netbackup | 2022-08-04 | N/A | 7.5 HIGH |
| In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. | |||||
| CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 5.4 MEDIUM |
| In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36954 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 6.5 MEDIUM |
| In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36955 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 8.4 HIGH |
| In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. | |||||
| CVE-2022-36953 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 4.3 MEDIUM |
| In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36952 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 9.8 CRITICAL |
| In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36951 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 9.8 CRITICAL |
| In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36950 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 9.8 CRITICAL |
| In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36949 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 7.8 HIGH |
| In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2021-41570 | 1 Veritas | 1 Netbackup | 2022-04-27 | 3.5 LOW | 5.4 MEDIUM |
| Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. | |||||
| CVE-2022-26778 | 1 Veritas | 1 System Recovery | 2022-03-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | |||||
| CVE-2022-26484 | 1 Veritas | 1 Infoscale Operations Manager | 2022-03-11 | 6.8 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files. | |||||
| CVE-2022-26483 | 1 Veritas | 1 Infoscale Operations Manager | 2022-03-11 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization). | |||||
| CVE-2021-44677 | 1 Veritas | 1 Enterprise Vault | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078). | |||||
| CVE-2021-44680 | 1 Veritas | 1 Enterprise Vault | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075). | |||||
| CVE-2021-44682 | 1 Veritas | 1 Enterprise Vault | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079). | |||||
| CVE-2021-44678 | 1 Veritas | 1 Enterprise Vault | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076). | |||||
| CVE-2021-44679 | 1 Veritas | 1 Enterprise Vault | 2022-03-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074). | |||||