VYPR
Get started
← All advisories
Critical severity9.8NVD Advisory· Published Jan 4, 2017· Updated May 6, 2026

CVE-2016-7399

CVE-2016-7399

Description

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.

Affected products

12
  • Symantec/Netbackup Appliance Firmware12 versions
    cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.6.1.2:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.1.0:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:2.7.2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:veritas:netbackup_appliance_firmware:3.0.0.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.