CVE-2022-36998

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
mitreCNA
6.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:L/S:C/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
veritasflex_appliance
1.2
veritasflex_appliance
1.3
veritasflex_appliance
2.0
veritasflex_appliance
2.0.1
veritasflex_appliance
2.0.2
veritasflex_appliance
2.1
veritasflex_scale
1.3.1
veritasflex_scale
2.1
veritasnetbackup
8.1.1
veritasnetbackup
8.1.2
veritasnetbackup
8.2
veritasnetbackup
8.3
veritasnetbackup
8.3.0.1
veritasnetbackup
8.3.0.2
veritasnetbackup
9.0
veritasnetbackup
9.0.0.1
veritasnetbackup
9.1
veritasnetbackup
9.1.0.1
veritasnetbackup_appliance
3.1.1
veritasnetbackup_appliance
3.1.2
veritasnetbackup_appliance
3.2
veritasnetbackup_appliance
4.0
veritasnetbackup_appliance
4.1
veritasnetbackup_appliance
3.2:maintenance_release1
veritasnetbackup_appliance
3.2:maintenance_release2
veritasnetbackup_appliance
3.2:maintenance_release3
veritasnetbackup_appliance
3.3.0.1:maintenance_release1
veritasnetbackup_appliance
3.3.0.1:maintenance_release2
veritasnetbackup_appliance
3.3.0.2:maintenance_release1
veritasnetbackup_appliance
3.3.0.2:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release1
veritasnetbackup_appliance
4.0.0.1:maintenance_release2
veritasnetbackup_appliance
4.0.0.1:maintenance_release3
veritasnetbackup_appliance
4.1.0.1:maintenance_release1
veritasnetbackup_appliance
4.1.0.1:maintenance_release2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.veritas.com/content/support/en_US/security/VTS22-004#m3
https://www.veritas.com/content/support/en_US/security/VTS22-004#m3