Vulnerabilites related to veritas - flex_scale
cve-2022-36991
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h5x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:53:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36991",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36991",
    "datePublished": "2022-07-28T00:53:39",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36986
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h3x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:56:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36986",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36986",
    "datePublished": "2022-07-28T00:56:03",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36999
Vulnerability from cvelistv5
Published
2022-07-28 00:48
Modified
2024-08-03 10:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m2x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:48:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36999",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36999",
    "datePublished": "2022-07-28T00:48:49",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36984
Vulnerability from cvelistv5
Published
2022-07-28 00:57
Modified
2024-08-03 10:21
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h8x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36984",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36984",
    "datePublished": "2022-07-28T00:57:02",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36988
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h6x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.338Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:55:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36988",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:H/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36988",
    "datePublished": "2022-07-28T00:55:06",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36994
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m4x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:52:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36994",
    "datePublished": "2022-07-28T00:52:07",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-37000
Vulnerability from cvelistv5
Published
2022-07-28 00:47
Modified
2024-08-03 10:21
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m1x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:47:45",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-37000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-37000",
    "datePublished": "2022-07-28T00:47:45",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36985
Vulnerability from cvelistv5
Published
2022-07-28 00:56
Modified
2024-08-03 10:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h7x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:56:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36985",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36985",
    "datePublished": "2022-07-28T00:56:33",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36997
Vulnerability from cvelistv5
Published
2022-07-28 00:50
Modified
2024-08-03 10:21
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h9x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:50:36",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36997",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36997",
    "datePublished": "2022-07-28T00:50:36",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36989
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h2x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:54:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36989",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36989",
    "datePublished": "2022-07-28T00:54:44",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36993
Vulnerability from cvelistv5
Published
2022-07-28 00:52
Modified
2024-08-03 10:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h1x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:52:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36993",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36993",
    "datePublished": "2022-07-28T00:52:38",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36992
Vulnerability from cvelistv5
Published
2022-07-28 00:53
Modified
2024-08-03 10:21
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#c1x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:53:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36992",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36992",
    "datePublished": "2022-07-28T00:53:07",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.445Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36998
Vulnerability from cvelistv5
Published
2022-07-28 00:49
Modified
2024-08-03 10:21
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m3x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:49:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36998",
    "datePublished": "2022-07-28T00:49:24",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36996
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m6x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.439Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:51:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36996",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36996",
    "datePublished": "2022-07-28T00:51:09",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36987
Vulnerability from cvelistv5
Published
2022-07-28 00:55
Modified
2024-08-03 10:21
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h4x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:55:34",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36987",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36987",
    "datePublished": "2022-07-28T00:55:34",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36990
Vulnerability from cvelistv5
Published
2022-07-28 00:54
Modified
2024-08-03 10:21
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#c2x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:54:19",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36990",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:H/PR:L/S:C/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36990",
    "datePublished": "2022-07-28T00:54:19",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36995
Vulnerability from cvelistv5
Published
2022-07-28 00:51
Modified
2024-08-03 10:21
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m5x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:21:32.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-28T00:51:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-36995",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:L/S:U/UI:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5",
              "refsource": "MISC",
              "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-36995",
    "datePublished": "2022-07-28T00:51:31",
    "dateReserved": "2022-07-28T00:00:00",
    "dateUpdated": "2024-08-03T10:21:32.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h8Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h8Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un ataque de denegaci\u00f3n de servicio contra un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36984",
  "lastModified": "2024-11-21T07:14:12.733",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.543",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m1Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-37000",
  "lastModified": "2024-11-21T07:14:15.457",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.370",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m2Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m2Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Bajo determinadas condiciones, un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer remotamente archivos en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36999",
  "lastModified": "2024-11-21T07:14:15.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.307",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#c1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#c1Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions)."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup (en condiciones espec\u00edficas de notificaci\u00f3n)"
    }
  ],
  "id": "CVE-2022-36992",
  "lastModified": "2024-11-21T07:14:14.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m6Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m6Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup 10.0
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A22BA0AF-70FB-4948-B047-E62EA64EFFC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso a un cliente de NetBackup podr\u00eda recopilar de forma remota informaci\u00f3n sobre cualquier host conocido por un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36996",
  "lastModified": "2024-11-21T07:14:14.793",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h4Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h4Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda escribir arbitrariamente archivos en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36987",
  "lastModified": "2024-11-21T07:14:13.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.707",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h2Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h2Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36989",
  "lastModified": "2024-11-21T07:14:13.613",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.810",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h6Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h6Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un servidor NetBackup OpsCenter, un servidor NetBackup Primary o un servidor NetBackup Media podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor NetBackup Primary o un servidor NetBackup Media"
    }
  ],
  "id": "CVE-2022-36988",
  "lastModified": "2024-11-21T07:14:13.443",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.760",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m5Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m5Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda crear arbitrariamente directorios en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36995",
  "lastModified": "2024-11-21T07:14:14.633",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.107",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h7Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h7Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso local no privilegiado a un servidor primario de Windows NetBackup podr\u00eda escalar potencialmente sus privilegios"
    }
  ],
  "id": "CVE-2022-36985",
  "lastModified": "2024-11-21T07:14:12.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.607",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h7"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h5Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h5Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir arbitrariamente contenido en una ruta parcialmente controlada en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36991",
  "lastModified": "2024-11-21T07:14:13.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.907",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#c2Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#c2Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un Cliente NetBackup podr\u00eda escribir remotamente archivos arbitrarios en ubicaciones arbitrarias desde cualquier Cliente a cualquier otro Cliente por medio de un servidor primario"
    }
  ],
  "id": "CVE-2022-36990",
  "lastModified": "2024-11-21T07:14:13.793",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 5.8,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#c2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h1Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h1Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36993",
  "lastModified": "2024-11-21T07:14:14.297",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.007",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m4Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m4Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda leer arbitrariamente archivos de un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36994",
  "lastModified": "2024-11-21T07:14:14.463",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.053",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m4"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#m3Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#m3Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota un desbordamiento del b\u00fafer basado en la pila en el servidor primario de NetBackup, resultando en una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2022-36998",
  "lastModified": "2024-11-21T07:14:15.127",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.257",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#m3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h9Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h9Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso autenticado a un cliente de NetBackup podr\u00eda desencadenar de forma remota impactos que incluyen una lectura arbitraria de archivos, un ataque de tipo Server-Side Request Forgery (SSRF) y una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2022-36997",
  "lastModified": "2024-11-21T07:14:14.960",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:18.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h9"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-07-28 01:15
Modified
2024-11-21 07:14
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.
References
cve@mitre.orghttps://www.veritas.com/content/support/en_US/security/VTS22-004#h3Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.veritas.com/content/support/en_US/security/VTS22-004#h3Patch, Vendor Advisory
Impacted products
Vendor Product Version
veritas flex_appliance 1.2
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas flex_scale 1.3.1
veritas flex_scale 2.1
veritas netbackup 8.1.1
veritas netbackup 8.1.2
veritas netbackup 8.2
veritas netbackup 8.3
veritas netbackup 8.3.0.1
veritas netbackup 8.3.0.2
veritas netbackup 9.0
veritas netbackup 9.0.0.1
veritas netbackup 9.1
veritas netbackup 9.1.0.1
veritas netbackup_appliance 3.1.1
veritas netbackup_appliance 3.1.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.1
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.2
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.1
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 3.3.0.2
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "025BC427-C1D3-4888-8585-EE5EF288AE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDD5695-9235-4592-9B8A-A90BE7762F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_scale:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EF9FB3-5862-4C85-A082-5903E9619A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48682500-A4CC-417A-AE87-254A38E9A837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28926F3-D951-40EC-A383-27038FF62D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3678D77D-D641-47C6-92BA-FE124D645F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32EEA7C-4AE9-4E8A-89C5-7354DCE953A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FB11BA-21B8-4AF5-8E06-A03A148380A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:8.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F903AD8B-FCF5-4287-828C-AB19C69C00FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A9DC13-0464-4507-A5A2-91BEF7E55AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B23C8C3-3385-435D-861E-F1EEFD382C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8797A64D-D4EA-45F4-911E-3F5794979FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup:9.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A3CE2C-544C-4785-B879-6C4E0A594FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFF0B8-7BA5-4BF0-B98A-BB833D3FA6A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "070A8292-8AA8-45B0-BD12-174071C142ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA05618C-73DD-4A02-AF1B-90C5D968C881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D33CB9E-3A08-4B80-8C3F-3D180C0F3E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDC739-0410-45C6-9628-EC833AC7400E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "40BE7CD2-A828-4A21-B3EB-3BC4688C6D96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "0D532AFE-824C-4002-AD4E-431F83911D27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.2:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "C9CD8205-281F-4ABD-BF1D-EB97090B3755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "0DD01222-0F16-48D3-842A-C07377C0872F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "3ED514C2-AEDD-4071-A145-5D281C789703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "BF2D4F61-2307-4A29-B620-E811E7642E66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:3.3.0.2:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "CF307131-DB9A-41CA-9990-EAAF56B671DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema en Veritas NetBackup versiones 8.1.x hasta 8.1.2, 8.2, 8.3.x hasta 8.3.0.2, 9.x hasta 9.0.0.1 y 9.1.x hasta 9.1.0.1 (y productos NetBackup relacionados). Un atacante con acceso no autenticado podr\u00eda ejecutar remotamente comandos arbitrarios en un servidor primario de NetBackup"
    }
  ],
  "id": "CVE-2022-36986",
  "lastModified": "2024-11-21T07:14:13.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-07-28T01:15:17.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.veritas.com/content/support/en_US/security/VTS22-004#h3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}