Veritas: Enterprise storage and data protection


Products by Veritas Sorted by Most Security Vulnerabilities since 2018

Veritas Netbackup: 46 vulnerabilities
Veritas Netbackup Appliance: 23 vulnerabilities
Veritas Enterprise Vault: 17 vulnerabilities
Veritas Backup Exec: 7 vulnerabilities
Veritas Data Insight: 2 vulnerabilities

Known Exploited Veritas Vulnerabilities

The following Veritas vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

CVE-2021-27876: Veritas Backup Exec Agent File Access Vulnerability
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Exploit Probability: 1.0%. Added: April 7, 2023

CVE-2021-27877: Veritas Backup Exec Agent Improper Authentication Vulnerability
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
Exploit Probability: 29.4%. Added: April 7, 2023

CVE-2021-27878: Veritas Backup Exec Agent Command Execution Vulnerability
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
Exploit Probability: 6.9%. Added: April 7, 2023

The vulnerability CVE-2021-27877: Veritas Backup Exec Agent Improper Authentication Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there has been 1 vulnerability in Veritas with an average score of 7.8 out of ten. Veritas did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 as compared to last year.




Year Vulnerabilities Average Score
2026 1 7.80
2025 0 0.00
2024 20 8.02
2023 10 7.52
2022 49 7.62
2021 9 9.32
2020 5 8.95
2019 7 7.20
2018 1 0.00

It may take a day or so for new Veritas vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Veritas Security Vulnerabilities

CVE-2020-37045 (Feb 01, 2026): Unquoted Service Path in Veritas NetBackup 7.0 Enables Elev. Code Exec
Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges.
Products: Netbackup, Netbackup Firmware

CVE-2024-46542 (Dec 30, 2024): Veritas Arctera Data Insight SQL Injection Vulnerability
Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks.
Products: Data Insight

CVE-2024-53909 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53910 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53911 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53912 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53914 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53915 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-53913 (Nov 24, 2024): Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Products: Enterprise Vault

CVE-2024-52941 (Nov 18, 2024): Veritas Enterprise Vault <15.1 XSS via Auth Remote Param Injection
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Products: Enterprise Vault

CVE-2024-52942 (Nov 18, 2024): Veritas Enterprise Vault <15.1 XSS via Auth Remote HTTP Param Injection
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Products: Enterprise Vault

CVE-2024-52943 (Nov 18, 2024): Veritas Enterprise Vault <15.1: Authenticated XSS via HTTP Param
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Products: Enterprise Vault

CVE-2024-52944 (Nov 18, 2024): Auth Remote XSS via Param Injection in Veritas Enterprise Vault <15.1
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Products: Enterprise Vault

CVE-2024-52945 (Nov 18, 2024): Veritas NetBackup <10.5 Windows DLL injection via command execution
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context.
Products: Netbackup

CVE-2024-47854 (Oct 04, 2024): XSS in Veritas Data Insight <7.1 Web Reflected Script Injection
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.
Products: Data Insight

CVE-2024-34404 (May 03, 2024): NetBackup Governance Mode Retention Lock Bypass Prior 10.4/5.4
A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion).
Products: Netbackup

CVE-2024-33671 (Apr 26, 2024): Veritas Backup Exec: Arbitrary File Deletion via Dedup Streaming Agent (Pre-22.2 HF917391)
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files.
Products: Backup Exec

CVE-2024-33673 (Apr 26, 2024): Veritas Backup Exec DLL Hijack via Improper Access (before 22.2 HotFix 917391)
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path.
Products: Backup Exec

CVE-2024-33672 (Apr 26, 2024): Veritas NetBackup<10.4 MT Agent Enables Arbitrary File Delete
An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files.
Products: Netbackup

CVE-2024-28222 (Mar 07, 2024): Upload/Exec Exploit in Veritas NetBackup BPCD before 8.1.2 / 3.1.2
In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
Products: Netbackup Appliance, Netbackup

CVE-2024-27283 (Feb 22, 2024): Veritas eDis Platform <10.2.5: Arbitrary File Upload by Admin
A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.
Products: Ediscovery Platform

CVE-2023-40256 (Aug 11, 2023): Veritas NB Snapshot Manager 10.2.0.1 RabbitMQ Cert Validation Flaw
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.
Products: Netbackup Snapshot Manager

CVE-2023-38404 (Jul 17, 2023): Veritas VIOM <8.0.0.410 Remote File Upload RCE via XPRTLD
The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.
Products: Infoscale Operations Manager

CVE-2023-37237 (Jun 29, 2023): Veritas NetBackup Appliance <=4.1.0.1 MR3: Auth Admin Bypass Run OS Cmds via SSH
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
Products: Netbackup Appliance

CVE-2023-32568 (May 10, 2023): VIOM 7.4.2/8.0.410 Web App Command Injection via Unvalidated Input
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.
Products: Infoscale Operations Manager

CVE-2023-32569 (May 10, 2023): SQL Injection in Veritas InfoScale Ops Manager <7.4.2.800 & <8.0.410
An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.
Products: Infoscale Operations Manager

CVE-2023-26788 (Apr 10, 2023): Veritas Appliance v4.1.0.1 Host Header Injection
Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.
Products: Netbackup Appliance Firmware

CVE-2023-26789 (Apr 05, 2023): Veritas NetBackUp OpsCenter 9.1.0.1 Reflected XSS via Web App
Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.
Products: Netbackup Opscenter

CVE-2023-28818 (Mar 24, 2023): Unsigned Files in Veritas NB IA 11 before 11.2.0 Enable Rogue Collector
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.
Products: Netbackup It Analytics, Aptare It Analytics

CVE-2023-28758 (Mar 23, 2023): Veritas NetBackup <8.3.0.2 BPCD Log Overwrite Vulnerability
An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
Products: Netbackup

CVE-2023-28759 (Mar 23, 2023): Veritas NetBackup <10.0 DLL Path Validation Bypass Elevates Privileges
An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.
Products: Netbackup

CVE-2022-46414 (Dec 04, 2022): Veritas NetBackup Flex Scale <=3.0/Access Appliance <=8.0.100 Unauth RCE Portal
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
Products: Netbackup Flex Scale Appliance, Access Appliance

CVE-2022-46410 (Dec 04, 2022): Veritas NetBackup Flex Scale <=3.0 Privilege Escalation via Command Exploit
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.
Products: Netbackup Flex Scale Appliance

CVE-2022-46411 (Dec 04, 2022): Default Pass Persisted in Veritas NB FlexScale 3.0 | AccessAppliance 8.0.100
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
Products: Netbackup Flex Scale Appliance, Access Appliance

CVE-2022-46412 (Dec 04, 2022): Veritas NetBackup Flex Scale <=3.0 Privileged Shell Escape (CVE-2022-46412)
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
Products: Netbackup Flex Scale Appliance

CVE-2022-46413 (Dec 04, 2022): Authenticated RCE via Management Portal in Veritas NetBackup Flex Scale <3.0
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
Products: Netbackup Flex Scale Appliance, Access Appliance

CVE-2022-45461 (Nov 17, 2022): Authenticated Non-Root Users Run Arbitrary Commands as Root via Java Admin Console in Veritas NetBac
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
Products: Netbackup

CVE-2022-42302 (Oct 03, 2022): SQLi in Veritas NetBackup <=10.0 NBFSMCLIENT Service
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.
Products: Netbackup

CVE-2022-42308 (Oct 03, 2022): Path Traversal Deleting Files in Veritas NetBackup 8.2 (pbx_exchange)
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
Products: Netbackup

CVE-2022-42307 (Oct 03, 2022): Veritas NetBackup 10.x XXE Injection via DiscoveryService (CVE-2022-42307)
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
Products: Netbackup

CVE-2022-42306 (Oct 03, 2022): Veritas NetBackup <=8.2 DoS via pbx_exchange NULL pointer crash (local)
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
Products: Netbackup

CVE-2022-42305 (Oct 03, 2022): Veritas NetBackup 10.0.0.1 Path Traversal via DiscoveryService
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.
Products: Netbackup

CVE-2022-42304 (Oct 03, 2022): Veritas NetBackup <=10.0 SQL Injection in idm, nbars, SLP Manager
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.
Products: Netbackup

CVE-2022-42301 (Oct 03, 2022): Veritas NetBackup XXE via nbars (v <=10.0.0.1)
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
Products: Netbackup

CVE-2022-42299 (Oct 03, 2022): NetBackup Primary Server DoS via DiscoveryService (10.0.0.1)
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.
Products: Netbackup

CVE-2022-42303 (Oct 03, 2022): Veritas NetBackup <10.0 SQLi (Second-Order via NBFSMCLIENT) CVE-2022-42303
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
Products: Netbackup

CVE-2022-42300 (Oct 03, 2022): Denial of Service via nbars Crash in Veritas NetBackup 10.0.0.1
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)
Products: Netbackup

CVE-2022-41319 (Sep 23, 2022): Reflected XSS in Veritas DLO <9.8 login.jsp
A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).
Products: Desktop And Laptop Option

CVE-2022-41320 (Sep 23, 2022): VSR Stores Network Password in Windows Registry (CVE-2022-41320)
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
Products: System Recovery

CVE-2022-36984 (Jul 28, 2022): Veritas NetBackup 8.x-9.x Authenticated Client DoS on Primary
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.
Products: Netbackup, Netbackup Appliance, Flex Appliance, and others...

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).