CVE-2022-36996

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with access to a NetBackup Client could remotely gather information about any host known to a NetBackup Primary server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitreCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
veritasflex_appliance
1.2
veritasflex_appliance
1.3
veritasflex_appliance
2.0
veritasflex_appliance
2.0.1
veritasflex_appliance
2.0.2
veritasflex_appliance
2.1
veritasflex_scale
1.3.1
veritasflex_scale
2.1
veritasnetbackup
8.1.1
veritasnetbackup
8.1.2
veritasnetbackup
8.2
veritasnetbackup
8.3
veritasnetbackup
8.3.0.1
veritasnetbackup
8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.0.0.1
veritasnetbackup
9.1
veritasnetbackup
9.1.0.1
veritasnetbackup
10.0
veritasnetbackup_appliance
3.1.1
veritasnetbackup_appliance
3.1.2
veritasnetbackup_appliance
3.2
veritasnetbackup_appliance
4.0
veritasnetbackup_appliance
4.1
veritasnetbackup_appliance
3.2:maintenance_release1
veritasnetbackup_appliance
3.2:maintenance_release2
veritasnetbackup_appliance
3.2:maintenance_release3
veritasnetbackup_appliance
3.3.0.1:maintenance_release1
veritasnetbackup_appliance
3.3.0.1:maintenance_release2
veritasnetbackup_appliance
3.3.0.2:maintenance_release1
veritasnetbackup_appliance
3.3.0.2:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release1
veritasnetbackup_appliance
4.0.0.1:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release3
veritasnetbackup_appliance
4.1.0.1:maintenance_release1
veritasnetbackup_appliance
4.1.0.1:maintenance_release2
𝑥
= Vulnerable software versions
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m6
https://www.veritas.com/content/support/en_US/security/VTS22-004#m6