Total
42 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9867 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | |||||
| CVE-2018-18652 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 9.0 HIGH | 7.2 HIGH |
| A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | |||||
| CVE-2019-9868 | 1 Veritas | 1 Netbackup Appliance | 2020-08-24 | 4.0 MEDIUM | 7.2 HIGH |
| An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | |||||
| CVE-2017-6399 | 1 Veritas | 3 Access, Netbackup, Netbackup Appliance | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | |||||
| CVE-2017-6407 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur. | |||||
| CVE-2017-8859 | 1 Veritas | 1 Netbackup Appliance | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | |||||
| CVE-2017-6408 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured. | |||||
| CVE-2017-8857 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-6400 | 1 Veritas | 3 Access, Netbackup, Netbackup Appliance | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system). | |||||
| CVE-2017-6404 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data. | |||||
| CVE-2017-8856 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process. | |||||
| CVE-2017-6409 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access. | |||||
| CVE-2017-6405 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing. | |||||
| CVE-2017-6401 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat. | |||||
| CVE-2017-6406 | 1 Veritas | 3 Access, Netbackup, Netbackup Appliance | 2019-10-03 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur. | |||||
| CVE-2017-8858 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. | |||||
| CVE-2017-6402 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur. | |||||
| CVE-2016-7399 | 1 Veritas | 2 Netbackup Appliance, Netbackup Appliance Firmware | 2017-07-27 | 10.0 HIGH | 9.8 CRITICAL |
| scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | |||||
| CVE-2017-6403 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2017-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password. | |||||
| CVE-2015-6551 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2016-12-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. | |||||