Netbackup Appliance

DATE	CVE	VULNERABILITY TITLE	RISK
2023-06-29	CVE-2023-37237	Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup Appliance In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. network low complexity veritas CWE-732	7.2
2022-07-28	CVE-2022-36996	Unspecified vulnerability in Veritas products An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). network low complexity veritas	6.5
2022-07-28	CVE-2022-36997	Server-Side Request Forgery (SSRF) vulnerability in Veritas products An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). network low complexity veritas CWE-918	8.8
2022-04-01	CVE-2022-22965	Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. network low complexity vmware cisco oracle siemens veritas CWE-94 critical	9.8
2019-03-21	CVE-2019-9868	Insufficiently Protected Credentials vulnerability in Veritas Netbackup Appliance An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. network low complexity veritas CWE-522	4.0
2019-03-21	CVE-2019-9867	Insufficiently Protected Credentials vulnerability in Veritas Netbackup Appliance An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. network low complexity veritas CWE-522	4.0
2018-10-25	CVE-2018-18652	Unspecified vulnerability in Veritas Netbackup Appliance A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. network low complexity veritas critical	9.0
2017-05-09	CVE-2017-8859	Arbitrary Command Execution vulnerability in Veritas NetBackup Appliance In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. network low complexity veritas critical	10.0
2017-05-09	CVE-2017-8858	Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup and Netbackup Appliance In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process. network low complexity veritas CWE-732 critical	10.0
2017-05-09	CVE-2017-8857	Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup and Netbackup Appliance In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process. network low complexity veritas CWE-732 critical	10.0