Veritas Access Appliance
By the Year
In 2024 there have been 0 vulnerabilities in Veritas Access Appliance . Access Appliance did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 9.30 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 9.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Access Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Veritas Access Appliance Security Vulnerabilities
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100
CVE-2022-46414
9.8 - Critical
- December 04, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100
CVE-2022-46413
8.8 - High
- December 04, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100
CVE-2022-46411
8.8 - High
- December 04, 2022
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
authentification
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding
CVE-2022-22965
9.8 - Critical
- April 01, 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Code Injection
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale
CVE-2019-18780
9.8 - Critical
- November 05, 2019
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Veritas Infoscale or by Veritas? Click the Watch button to subscribe.
