CVE-2023-28818

Published: Mar 24, 2023Modified: Feb 19, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Affected (3)

Products: Veritas: Aptare It Analytics, Netbackup It Analytics

2 products

Aptare It Analytics

Netbackup It Analytics

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Veritas Aptare It Analytics	Before 10.6.00
Veritas Netbackup It Analytics	Version 11.0.00
Veritas Netbackup It Analytics	Version 11.1.00

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

References (2)

https://www.veritas.com/content/support/en_US/security/VTS23-002

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS23-002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.