CVE-2022-36997

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
mitreCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:L/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
veritasflex_appliance
1.2
veritasflex_appliance
1.3
veritasflex_appliance
2.0
veritasflex_appliance
2.0.1
veritasflex_appliance
2.0.2
veritasflex_appliance
2.1
veritasflex_scale
1.3.1
veritasflex_scale
2.1
veritasnetbackup
8.1.1
veritasnetbackup
8.1.2
veritasnetbackup
8.2
veritasnetbackup
8.3
veritasnetbackup
8.3.0.1
veritasnetbackup
8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.0.0.1
veritasnetbackup
9.1
veritasnetbackup
9.1.0.1
veritasnetbackup_appliance
3.1.1
veritasnetbackup_appliance
3.1.2
veritasnetbackup_appliance
3.2
veritasnetbackup_appliance
4.0
veritasnetbackup_appliance
4.1
veritasnetbackup_appliance
3.2:maintenance_release1
veritasnetbackup_appliance
3.2:maintenance_release2
veritasnetbackup_appliance
3.2:maintenance_release3
veritasnetbackup_appliance
3.3.0.1:maintenance_release1
veritasnetbackup_appliance
3.3.0.1:maintenance_release2
veritasnetbackup_appliance
3.3.0.2:maintenance_release1
veritasnetbackup_appliance
3.3.0.2:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release1
veritasnetbackup_appliance
4.0.0.1:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release3
veritasnetbackup_appliance
4.1.0.1:maintenance_release1
veritasnetbackup_appliance
4.1.0.1:maintenance_release2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#h9
https://www.veritas.com/content/support/en_US/security/VTS22-004#h9