CVE-2015-6550

Published: May 7, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.

Affected (37)

Products: Veritas: Netbackup Appliance, Netbackup

Veritas

2 products

Netbackup Appliance

Netbackup

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Veritas Netbackup Appliance	Version 1.1.0.1
Veritas Netbackup Appliance	Version 1.1.0.2
Veritas Netbackup Appliance	Version 1.2
Veritas Netbackup Appliance	Version 2.0.1
Veritas Netbackup Appliance	Version 2.0.2
Veritas Netbackup Appliance	Version 2.0.3
Veritas Netbackup Appliance	Version 2.0
Veritas Netbackup Appliance	Version 2.5.1
Veritas Netbackup Appliance	Version 2.5.2
Veritas Netbackup Appliance	Version 2.5.3
Veritas Netbackup Appliance	Version 2.5
Veritas Netbackup Appliance	Version 2.6.0.2
Veritas Netbackup Appliance	Version 2.6.0.3
Veritas Netbackup Appliance	Version 2.6.0.4
Veritas Netbackup Appliance	Version 2.6.1.1
Veritas Netbackup Appliance	Version 2.6.1.2
Veritas Netbackup Appliance	Version 2.6.1
Veritas Netbackup Appliance	Version 2.6
Veritas Netbackup Appliance	Version 2.7.1

Configuration B

18 vulnerable

Vulnerable Software	Affected Versions
Veritas Netbackup	Version 7.0.1
Veritas Netbackup	Version 7.0
Veritas Netbackup	Version 7.1.0.1
Veritas Netbackup	Version 7.1.0.2
Veritas Netbackup	Version 7.1.0.3
Veritas Netbackup	Version 7.1.0.4
Veritas Netbackup	Version 7.5.0.1
Veritas Netbackup	Version 7.5.0.3
Veritas Netbackup	Version 7.5.0.4
Veritas Netbackup	Version 7.5.0.5
Veritas Netbackup	Version 7.5.0.6
Veritas Netbackup	Version 7.5.0.7
Veritas Netbackup	Version 7.6.0.2
Veritas Netbackup	Version 7.6.0.3
Veritas Netbackup	Version 7.6.0.4
Veritas Netbackup	Version 7.6.1.1
Veritas Netbackup	Version 7.6.1.2
Veritas Netbackup	Version 7.7.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www.securitytracker.com/id/1035704

Source: secure@symantec.com

https://www.veritas.com/content/support/en_US/security/VTS16-001.html

Source: secure@symantec.com

Vendor Advisory

http://www.securitytracker.com/id/1035704

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.veritas.com/content/support/en_US/security/VTS16-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.