The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NetBackup

computer vulnerability announce CVE-2019-9867 CVE-2019-9868

Veritas NetBackup Appliance: privilege escalation via Password Disclosure

Synthesis of the vulnerability

An attacker can bypass restrictions via a password disclosure in Veritas NetBackup Appliance, in order to escalate his privileges.
Impacted products: NetBackup.
Severity: 1/4.
Consequences: privileged access/rights, user access/rights.
Provenance: privileged account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/03/2019.
Identifiers: CVE-2019-9867, CVE-2019-9868, VIGILANCE-VUL-28777, VTS19-001.

Description of the vulnerability

An attacker can bypass restrictions via a password disclosure in Veritas NetBackup Appliance, in order to escalate his privileges.

vulnerability announce CVE-2018-18652

Veritas NetBackup Appliance: use after free via Exec Agents

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via Exec Agents of Veritas NetBackup Appliance, in order to trigger a denial of service, and possibly to run code.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: user access/rights, denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 26/10/2018.
Identifiers: CVE-2018-18652, VIGILANCE-VUL-27622, VTS18-003.

Description of the vulnerability

An attacker can force the usage of a freed memory area via Exec Agents of Veritas NetBackup Appliance, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2017-8859

Veritas NetBackup Appliance: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Veritas NetBackup Appliance, in order to run code.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 09/05/2017.
Identifiers: CVE-2017-8859, VIGILANCE-VUL-22661, VTS17-005.

Description of the vulnerability

An attacker can use a vulnerability of Veritas NetBackup Appliance, in order to run code.

vulnerability CVE-2017-8856 CVE-2017-8857 CVE-2017-8858

Veritas NetBackup: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Veritas NetBackup.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/05/2017.
Identifiers: CVE-2017-8856, CVE-2017-8857, CVE-2017-8858, VIGILANCE-VUL-22660, VTS17-004.

Description of the vulnerability

An attacker can use several vulnerabilities of Veritas NetBackup.

vulnerability bulletin CVE-2017-6399 CVE-2017-6400 CVE-2017-6401

Veritas NetBackup: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Veritas NetBackup.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 11.
Creation date: 01/03/2017.
Identifiers: CVE-2017-6399, CVE-2017-6400, CVE-2017-6401, CVE-2017-6402, CVE-2017-6403, CVE-2017-6404, CVE-2017-6405, CVE-2017-6406, CVE-2017-6407, CVE-2017-6408, CVE-2017-6409, VIGILANCE-VUL-21983, VTS17-003.

Description of the vulnerability

Several vulnerabilities were announced in Veritas NetBackup.

A local attacker can start an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6407]

A local attacker can start an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6400]

An authenticated attacker can trigger a denial of service against the server. [severity:2/4; CVE-2017-6402]

A local attacker can run an arbitrary command on the client hosts with administrator privileges. [severity:3/4; CVE-2017-6399]

An attacker can submit commands with paths including "../", in order to run arbitrary commands with high privileges. [severity:3/4; CVE-2017-6406]

A local attacker can use bpcd and bpnbat to run an arbitrary command with administrator privileges. [severity:3/4; CVE-2017-6401]

An attacker who controls the DNS server can tamper with hostnames, in order to raise his privileges. [severity:2/4; CVE-2017-6405]

A local attacker can access the pbx_exchange socket unexpectedly early, in order to escalate his privileges. [severity:2/4; CVE-2017-6408]

An attacker can tamper with log files, as their access rights are wrong. [severity:2/4; CVE-2017-6404]

An attacker can use a hard-coded, well-known username and password to spoof the NetBackup Cloud Storage Service. [severity:2/4; CVE-2017-6403]

An attacker can take advantage of the lack of authentication on a CORBA interface to escalate his privileges. [severity:2/4; CVE-2017-6409]

computer vulnerability alert CVE-2016-7399

Veritas NetBackup Appliance: code execution via hostName

Synthesis of the vulnerability

An attacker can use a malicious parameter of Veritas NetBackup Appliance, in order to run code as root.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 05/01/2017.
Identifiers: CVE-2016-7399, VIGILANCE-VUL-21516, VTS16-002.

Description of the vulnerability

The Veritas NetBackup Appliance product has a web service.

However, the hostName parameter of /appliancews/getLicense can contain shell commands.

An attacker can therefore use a malicious parameter of Veritas NetBackup Appliance, in order to run code as root.

vulnerability bulletin CVE-2015-6550 CVE-2015-6551 CVE-2015-6552

Veritas NetBackup: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Veritas NetBackup.
Impacted products: NetBackup.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 27/04/2016.
Identifiers: CERTFR-2016-AVI-145, CVE-2015-6550, CVE-2015-6551, CVE-2015-6552, VIGILANCE-VUL-19473, VTS16-001.

Description of the vulnerability

Several vulnerabilities were announced in Veritas NetBackup.

A remote attacker can bypass security features in bpcd, in order to escalate his privileges. [severity:3/4; CVE-2015-6550]

An attacker can capture exchanges between Administration Console and NBU Server, in order to obtain the password. [severity:2/4; CVE-2015-6551]

An attacker can use a vulnerability in the RPC (Remote Procedure Call), in order to run code. [severity:3/4; CVE-2015-6552]