Veritas Enterprise storage and data protection

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1

CVE-2023-40256 9.8 - Critical - August 11, 2023

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.

Improper Certificate Validation

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410

CVE-2023-38404 8.8 - High - July 17, 2023

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.

Unrestricted File Upload

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may

CVE-2023-37237 7.2 - High - June 29, 2023

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.

Incorrect Permission Assignment for Critical Resource

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410

CVE-2023-32568 7.2 - High - May 10, 2023

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration.

Shell injection

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410

CVE-2023-32569 9.8 - Critical - May 10, 2023

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.

SQL Injection

Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks

CVE-2023-26788 6.1 - Medium - April 10, 2023

Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.

XSS

Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS)

CVE-2023-26789 6.1 - Medium - April 05, 2023

Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.

XSS

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0

CVE-2023-28818 5.3 - Medium - March 24, 2023

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Improper Verification of Cryptographic Signature

An issue was discovered in Veritas NetBackup before 8.3.0.2

CVE-2023-28758 7.1 - High - March 23, 2023

An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.

An issue was discovered in Veritas NetBackup before 10.0 on Windows

CVE-2023-28759 7.8 - High - March 23, 2023

An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system.

DLL preloading

An issue was discovered in Veritas NetBackup Flex Scale through 3.0

CVE-2022-46410 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46411 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.

authentification

An issue was discovered in Veritas NetBackup Flex Scale through 3.0

CVE-2022-46412 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46413 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46414 9.8 - Critical - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products

CVE-2022-42306 5.5 - Medium - October 03, 2022

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.

NULL Pointer Dereference

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products

CVE-2022-42308 7.1 - High - October 03, 2022

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.

Directory traversal

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products

CVE-2022-42307 9.8 - Critical - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.

XXE

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products

CVE-2022-42305 7.5 - High - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.

Directory traversal

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products

CVE-2022-42304 9.8 - Critical - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

SQL Injection

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products

CVE-2022-42301 8.8 - High - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

XXE

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products

CVE-2022-42300 6.5 - Medium - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products

CVE-2022-42303 9.8 - Critical - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

SQL Injection

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products

CVE-2022-42299 7.5 - High - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products

CVE-2022-42302 9.8 - Critical - October 03, 2022

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

SQL Injection

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration

CVE-2022-41320 6.5 - Medium - September 23, 2022

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Insecure Storage of Sensitive Information

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI)

CVE-2022-41319 6.1 - Medium - September 23, 2022

A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).

XSS

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36996 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36995 4.3 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily create directories on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36994 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily read files from a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36993 8.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36992 8.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server (in specific notify conditions).

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36991 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36990 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36989 8.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36988 8.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36987 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36986 9.8 - Critical - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unauthenticated access could remotely execute arbitrary commands on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36985 7.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36984 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a denial of service attack against a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36997 8.8 - High - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.

XSPA

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36998 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.

Memory Corruption

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-36999 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2

CVE-2022-37000 6.5 - Medium - July 28, 2022

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). Under certain conditions, an attacker with authenticated access to a NetBackup Client could remotely read files on a NetBackup Primary server.

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host

CVE-2022-36956 7.5 - High - July 27, 2022

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1.

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur

CVE-2022-36948 5.4 - Medium - July 27, 2022

In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

XSS

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges

CVE-2022-36949 7.8 - High - July 27, 2022

In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

In Veritas NetBackup OpsCenter

CVE-2022-36950 9.8 - Critical - July 27, 2022

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

In Veritas NetBackup OpsCenter

CVE-2022-36951 9.8 - Critical - July 27, 2022

In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem

CVE-2022-36952 9.8 - Critical - July 27, 2022

In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

Use of Hard-coded Credentials

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information

CVE-2022-36953 4.3 - Medium - July 27, 2022

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

In Veritas NetBackup OpsCenter

CVE-2022-36954 6.5 - Medium - July 27, 2022

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

In Veritas NetBackup

CVE-2022-36955 8.4 - High - July 27, 2022

In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1.

Veritas NetBackup OpsCenter Analytics 9.1

CVE-2021-41570 5.4 - Medium - April 19, 2022

Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.

XSS

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding

CVE-2022-22965 9.8 - Critical - April 01, 2022

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Code Injection

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration

CVE-2022-26778 6.5 - Medium - March 10, 2022

Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Cleartext Storage of Sensitive Information

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100

CVE-2022-26484 4.9 - Medium - March 04, 2022

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. The web server fails to sanitize admin/cgi-bin/rulemgr.pl/getfile/ input data, allowing a remote authenticated administrator to read arbitrary files on the system via Directory Traversal. By manipulating the resource name in GET requests referring to files with absolute paths, it is possible to access arbitrary files stored on the filesystem, including application source code, configuration files, and critical system files.

Directory traversal

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100

CVE-2022-26483 4.8 - Medium - March 04, 2022

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2 Patch 600 and 8.x before 8.0.0 Patch 100. A reflected cross-site scripting (XSS) vulnerability in admin/cgi-bin/listdir.pl allows authenticated remote administrators to inject arbitrary web script or HTML into an HTTP GET parameter (which reflect the user input without sanitization).

XSS

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44677 9.8 - Critical - December 06, 2021

An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).

Marshaling, Unmarshaling

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44678 9.8 - Critical - December 06, 2021

An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).

Marshaling, Unmarshaling

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44679 9.8 - Critical - December 06, 2021

An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).

Marshaling, Unmarshaling

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44680 9.8 - Critical - December 06, 2021

An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).

Marshaling, Unmarshaling

An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44681 9.8 - Critical - December 06, 2021

An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).

Marshaling, Unmarshaling

An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2

CVE-2021-44682 9.8 - Critical - December 06, 2021

An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).

Marshaling, Unmarshaling

An issue was discovered in Veritas Backup Exec before 21.2

CVE-2021-27878 8.8 - High - March 01, 2021

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.

authentification

An issue was discovered in Veritas Backup Exec before 21.2

CVE-2021-27876 8.1 - High - March 01, 2021

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.

authentification

An issue was discovered in Veritas Backup Exec before 21.2

CVE-2021-27877 9.8 - Critical - March 01, 2021

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.

authentification

Veritas APTARE versions prior to 10.5 included code

CVE-2020-27157 8.1 - High - October 15, 2020

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.

Authentication Bypass by Capture-replay

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks

CVE-2020-27156 9.8 - Critical - October 15, 2020

Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user.

AuthZ

Veritas APTARE versions prior to 10.4

CVE-2020-12877 7.5 - High - May 14, 2020

Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.

Information Disclosure

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks

CVE-2020-12875 6.3 - Medium - May 14, 2020

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application.

AuthZ

Veritas APTARE versions prior to 10.4 included code

CVE-2020-12874 9.8 - Critical - May 14, 2020

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

AuthZ

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale

CVE-2019-18780 9.8 - Critical - November 05, 2019

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

Command Injection

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1

CVE-2019-14415 4.8 - Medium - July 29, 2019

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to.

XSS

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1

CVE-2019-14418 8.8 - High - July 29, 2019

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.

Directory traversal

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1

CVE-2019-14416 7.2 - High - July 29, 2019

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1

CVE-2019-14417 7.2 - High - July 29, 2019

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2

CVE-2019-9868 7.2 - High - March 21, 2019

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.

Insufficiently Protected Credentials

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2

CVE-2019-9867 7.2 - High - March 21, 2019

An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

Insufficiently Protected Credentials

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2

CVE-2018-18652 7.2 - High - October 25, 2018

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents

CVE-2017-8895 9.8 - Critical - May 10, 2017

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

Dangling pointer

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware

CVE-2005-0772 7.5 - High - June 28, 2005

VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 through 9.1.307 for Netware, allows remote attackers to cause a denial of service (Remote Agent crash) via (1) a crafted packet in NDMLSRVR.DLL or (2) a request packet with an invalid (non-0) "Error Status" value, which triggers a null dereference.

NULL Pointer Dereference