Vulnerabilities > Veritas
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-27 | CVE-2022-36952 | Use of Hard-coded Credentials vulnerability in Veritas Netbackup In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. | 9.8 |
| 2022-07-27 | CVE-2022-36953 | Unspecified vulnerability in Veritas Netbackup In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. | 4.3 |
| 2022-07-27 | CVE-2022-36954 | Unspecified vulnerability in Veritas Netbackup In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. | 6.5 |
| 2022-07-27 | CVE-2022-36955 | Unspecified vulnerability in Veritas Netbackup In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. | 8.4 |
| 2022-07-27 | CVE-2022-36956 | Unspecified vulnerability in Veritas Netbackup 9.0/9.1.0.0 In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. | 7.5 |
| 2022-04-19 | CVE-2021-41570 | Cross-site Scripting vulnerability in Veritas Netbackup Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. | 5.4 |
| 2022-04-01 | CVE-2022-22965 | Code Injection vulnerability in multiple products A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | 9.8 |
| 2022-03-10 | CVE-2022-26778 | Cleartext Storage of Sensitive Information vulnerability in Veritas System Recovery 18.0/21 Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. | 6.5 |
| 2022-03-04 | CVE-2022-26483 | Cross-site Scripting vulnerability in Veritas Infoscale Operations Manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. | 4.8 |
| 2022-03-04 | CVE-2022-26484 | Path Traversal vulnerability in Veritas Infoscale Operations Manager An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. | 4.9 |