Filtered by vendor Veritas
Subscriptions
Total
133 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28818 | 1 Veritas | 2 Aptare It Analytics, Netbackup It Analytics | 2025-02-19 | 5.3 Medium |
| An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors. | ||||
| CVE-2023-26789 | 1 Veritas | 1 Netbackup Opscenter | 2025-02-13 | 6.1 Medium |
| Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser. | ||||
| CVE-2023-26788 | 1 Veritas | 1 Netbackup Appliance Firmware | 2025-02-11 | 6.1 Medium |
| Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. | ||||
| CVE-2021-27878 | 1 Veritas | 1 Backup Exec | 2025-02-04 | 8.8 High |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges. | ||||
| CVE-2021-27877 | 1 Veritas | 1 Backup Exec | 2025-02-04 | 8.2 High |
| An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. | ||||
| CVE-2021-27876 | 1 Veritas | 1 Backup Exec | 2025-02-03 | 8.1 High |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges. | ||||
| CVE-2022-22965 | 6 Cisco, Oracle, Redhat and 3 more | 45 Cx Cloud Agent, Commerce Platform, Communications Cloud Native Core Automated Test Suite and 42 more | 2025-01-29 | 9.8 Critical |
| A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. | ||||
| CVE-2023-32569 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | 7.2 High |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. | ||||
| CVE-2023-32568 | 1 Veritas | 1 Infoscale Operations Manager | 2025-01-28 | 7.2 High |
| An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | ||||
| CVE-2024-28222 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2025-01-21 | 9.8 Critical |
| In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | ||||
| CVE-2024-53915 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53914 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53913 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53912 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53911 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53910 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2024-53909 | 1 Veritas | 1 Enterprise Vault | 2024-11-29 | 9.8 Critical |
| An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | ||||
| CVE-2023-37237 | 1 Veritas | 1 Netbackup Appliance | 2024-11-26 | 6.5 Medium |
| In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | ||||
| CVE-2024-47854 | 1 Veritas | 1 Data Insight | 2024-11-26 | 6.1 Medium |
| An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | ||||
| CVE-2024-35204 | 1 Veritas | 1 System Recovery | 2024-11-21 | 8.4 High |
| Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. | ||||