Netbackup

netbackup

Vendor: Veritas • 66 CVEs

CVEs (66)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-36949 1Veritas 1Netbackup Nov 21, 2024 Jul 27, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and...Show more In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.Show less
CVE-2022-36948 1Veritas 1Netbackup Nov 21, 2024 Jul 27, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.
CVE-2021-41570 1Veritas 1Netbackup Nov 21, 2024 Apr 19, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
CVE-2020-36169 1Veritas 2Netbackup Opscenter Nov 21, 2024 Jan 6, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating s...Show more An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability affects master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade and post-install during normal operations.Show less
CVE-2020-36163 1Veritas 2Netbackup Opscenter Nov 21, 2024 Jan 6, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating...Show more An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under C:\. If a low privileged user on the Windows system creates an affected path with a library that NetBackup attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This affects NetBackup master servers, media servers, clients, and OpsCenter servers on the Windows platform. The system is vulnerable during an install or upgrade on all systems and post-install on Master, Media, and OpsCenter servers during normal operations.Show less
CVE-2017-8858 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 May 9, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
CVE-2017-8857 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 May 9, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
CVE-2017-8856 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 May 9, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
CVE-2017-6409 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
CVE-2017-6408 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before pe...Show more An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.Show less
CVE-2017-6407 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
CVE-2017-6406 1Veritas 3Access NetbackupNetbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
CVE-2017-6405 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
CVE-2017-6404 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data.
CVE-2017-6403 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
CVE-2017-6402 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
CVE-2017-6401 1Veritas 2Netbackup Netbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
CVE-2017-6400 1Veritas 3Access NetbackupNetbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
CVE-2017-6399 1Veritas 3Access NetbackupNetbackup Appliance May 13, 2026 Mar 2, 2017 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
CVE-2015-6552 1Veritas 2Netbackup Netbackup Appliance May 6, 2026 May 7, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2....Show more The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.Show less

Previous 1 234 Next