Vulnerabilities > Veritas > Netbackup Appliance > 4.0.0.1

DATE CVE VULNERABILITY TITLE RISK
2023-06-29 CVE-2023-37237 Incorrect Permission Assignment for Critical Resource vulnerability in Veritas Netbackup Appliance
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
network
low complexity
veritas CWE-732
7.2
7.2
2022-07-28 CVE-2022-36996 Unspecified vulnerability in Veritas products
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products).
network
low complexity
veritas
6.5
6.5
2022-07-28 CVE-2022-36997 Server-Side Request Forgery (SSRF) vulnerability in Veritas products
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products).
network
low complexity
veritas CWE-918
8.8
8.8
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
 9.8
9.8