CVE-2022-36985

EUVD-2022-39642
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
veritasflex_appliance
1.2
veritasflex_appliance
1.3
veritasflex_appliance
2.0
veritasflex_appliance
2.0.1
veritasflex_appliance
2.0.2
veritasflex_appliance
2.1
veritasflex_scale
1.3.1
veritasflex_scale
2.1
veritasnetbackup
8.1.1
veritasnetbackup
8.1.2
veritasnetbackup
8.2
veritasnetbackup
8.3
veritasnetbackup
8.3.0.1
veritasnetbackup
8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.0.0.1
veritasnetbackup
9.1
veritasnetbackup
9.1.0.1
veritasnetbackup_appliance
3.1.1
veritasnetbackup_appliance
3.1.2
veritasnetbackup_appliance
3.2
veritasnetbackup_appliance
4.0
veritasnetbackup_appliance
4.1
veritasnetbackup_appliance
3.2:maintenance_release1
veritasnetbackup_appliance
3.2:maintenance_release2
veritasnetbackup_appliance
3.2:maintenance_release3
veritasnetbackup_appliance
3.3.0.1:maintenance_release1
veritasnetbackup_appliance
3.3.0.1:maintenance_release2
veritasnetbackup_appliance
3.3.0.2:maintenance_release1
veritasnetbackup_appliance
3.3.0.2:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release1
veritasnetbackup_appliance
4.0.0.1:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release3
veritasnetbackup_appliance
4.1.0.1:maintenance_release1
veritasnetbackup_appliance
4.1.0.1:maintenance_release2
𝑥
= Vulnerable software versions
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h7
https://www.veritas.com/content/support/en_US/security/VTS22-004#h7