NetBackup Appliance
by Symantec
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28222 | 0.00 | — | 0.01 | Mar 7, 2024 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | |||
| CVE-2023-37237 | 0.00 | — | 0.01 | Jun 29, 2023 | In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | |||
| CVE-2019-9868 | 0.00 | — | 0.01 | Mar 19, 2019 | An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator. | |||
| CVE-2019-9867 | 0.00 | — | 0.01 | Mar 19, 2019 | An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator. | |||
| CVE-2018-18652 | 0.00 | — | 0.04 | Oct 25, 2018 | A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input. | |||
| CVE-2013-1608 | 0.00 | — | 0.01 | Mar 26, 2013 | Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors. |
- CVE-2024-28222Mar 7, 2024risk 0.00cvss —epss 0.01
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
- CVE-2023-37237Jun 29, 2023risk 0.00cvss —epss 0.01
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
- CVE-2019-9868Mar 19, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
- CVE-2019-9867Mar 19, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
- CVE-2018-18652Oct 25, 2018risk 0.00cvss —epss 0.04
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
- CVE-2013-1608Mar 26, 2013risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the Management Console on the Symantec NetBackup (NBU) appliance 2.0.x allows remote attackers to read arbitrary files via unspecified vectors.
Page 2 of 2