Access Appliance Veritas Access Appliance

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Veritas Access Appliance.

By the Year

In 2024 there have been 0 vulnerabilities in Veritas Access Appliance . Access Appliance did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 4 9.30
2021 0 0.00
2020 0 0.00
2019 1 9.80
2018 0 0.00

It may take a day or so for new Access Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Veritas Access Appliance Security Vulnerabilities

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46414 9.8 - Critical - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46413 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100

CVE-2022-46411 8.8 - High - December 04, 2022

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.

authentification

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding

CVE-2022-22965 9.8 - Critical - April 01, 2022

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Code Injection

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale

CVE-2019-18780 9.8 - Critical - November 05, 2019

An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Veritas Infoscale or by Veritas? Click the Watch button to subscribe.

Veritas
Vendor

subscribe