Shodan
Vulnerabilities
Vulnerable Software
Veritas:  Security Vulnerabilities
CVE-2022-46411
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-12-04
CVE-2022-46412
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-12-04
CVE-2022-46413
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-12-04
CVE-2022-46414
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-12-04
CVE-2022-46410
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.
CVSS Score
8.8
EPSS Score
0.006
Published
2022-12-04
CVE-2022-45461
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-11-17
CVE-2022-42306
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-10-03
CVE-2022-42307
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-10-03
CVE-2022-42308
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.
CVSS Score
9.0
EPSS Score
0.002
Published
2022-10-03
CVE-2022-42303
An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.
CVSS Score
8.0
EPSS Score
0.005
Published
2022-10-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved