CVE-2015-6551

Published: May 7, 2016Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

Affected (37)

Products: Veritas: Netbackup Appliance, Netbackup

Veritas

2 products

Netbackup Appliance

Netbackup

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Veritas Netbackup Appliance	Version 1.1.0.1
Veritas Netbackup Appliance	Version 1.1.0.2
Veritas Netbackup Appliance	Version 1.2
Veritas Netbackup Appliance	Version 2.0.1
Veritas Netbackup Appliance	Version 2.0.2
Veritas Netbackup Appliance	Version 2.0.3
Veritas Netbackup Appliance	Version 2.0
Veritas Netbackup Appliance	Version 2.5.1
Veritas Netbackup Appliance	Version 2.5.2
Veritas Netbackup Appliance	Version 2.5.3
Veritas Netbackup Appliance	Version 2.5
Veritas Netbackup Appliance	Version 2.6.0.2
Veritas Netbackup Appliance	Version 2.6.0.3
Veritas Netbackup Appliance	Version 2.6.0.4
Veritas Netbackup Appliance	Version 2.6.1.1
Veritas Netbackup Appliance	Version 2.6.1.2
Veritas Netbackup Appliance	Version 2.6.1
Veritas Netbackup Appliance	Version 2.6
Veritas Netbackup Appliance	Version 2.7.1

Configuration B

18 vulnerable

Vulnerable Software	Affected Versions
Veritas Netbackup	Version 7.0.1
Veritas Netbackup	Version 7.0
Veritas Netbackup	Version 7.1.0.1
Veritas Netbackup	Version 7.1.0.2
Veritas Netbackup	Version 7.1.0.3
Veritas Netbackup	Version 7.1.0.4
Veritas Netbackup	Version 7.5.0.1
Veritas Netbackup	Version 7.5.0.3
Veritas Netbackup	Version 7.5.0.4
Veritas Netbackup	Version 7.5.0.5
Veritas Netbackup	Version 7.5.0.6
Veritas Netbackup	Version 7.5.0.7
Veritas Netbackup	Version 7.6.0.2
Veritas Netbackup	Version 7.6.0.3
Veritas Netbackup	Version 7.6.0.4
Veritas Netbackup	Version 7.6.1.1
Veritas Netbackup	Version 7.6.1.2
Veritas Netbackup	Version 7.7.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.securitytracker.com/id/1035704

Source: secure@symantec.com

https://www.veritas.com/content/support/en_US/security/VTS16-001.html

Source: secure@symantec.com

Vendor Advisory

http://www.securitytracker.com/id/1035704

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.veritas.com/content/support/en_US/security/VTS16-001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.