CVE-2022-36993

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
veritasflex_appliance
1.2
veritasflex_appliance
1.3
veritasflex_appliance
2.0
veritasflex_appliance
2.0.1
veritasflex_appliance
2.0.2
veritasflex_appliance
2.1
veritasflex_scale
1.3.1
veritasflex_scale
2.1
veritasnetbackup
8.1.1
veritasnetbackup
8.1.2
veritasnetbackup
8.2
veritasnetbackup
8.3
veritasnetbackup
8.3.0.1
veritasnetbackup
8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.0.0.1
veritasnetbackup
9.1
veritasnetbackup
9.1.0.1
veritasnetbackup_appliance
3.1.1
veritasnetbackup_appliance
3.1.2
veritasnetbackup_appliance
3.2
veritasnetbackup_appliance
4.0
veritasnetbackup_appliance
4.1
veritasnetbackup_appliance
3.2:maintenance_release1
veritasnetbackup_appliance
3.2:maintenance_release2
veritasnetbackup_appliance
3.2:maintenance_release3
veritasnetbackup_appliance
3.3.0.1:maintenance_release1
veritasnetbackup_appliance
3.3.0.1:maintenance_release2
veritasnetbackup_appliance
3.3.0.2:maintenance_release1
veritasnetbackup_appliance
3.3.0.2:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release1
veritasnetbackup_appliance
4.0.0.1:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release3
veritasnetbackup_appliance
4.1.0.1:maintenance_release1
veritasnetbackup_appliance
4.1.0.1:maintenance_release2
𝑥
= Vulnerable software versions
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h1
https://www.veritas.com/content/support/en_US/security/VTS22-004#h1