CVE-2022-46414

Published: Dec 4, 2022Modified: Apr 24, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

Affected (2)

Products: Veritas: Access Appliance, Netbackup Flex Scale Appliance

Veritas

2 products

Access Appliance

Netbackup Flex Scale Appliance

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Veritas Access Appliance	Up to 8.0.100
Veritas Netbackup Flex Scale Appliance	Up to 3.0

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.