Veritas NetBackup 2.7.1

CPE Details

Veritas NetBackup 2.7.1
veritas
netbackup_appliance
2.7.1
2017-03-02
16h40 +00:00
2017-03-02
16h40 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*

Informations

Vendor

veritas

Product

netbackup_appliance

Version

2.7.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-28222 2024-03-06 23h00 +00:00 In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.
9.8
Critical
CVE-2019-9868 2019-03-19 14h54 +00:00 An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
7.2
High
CVE-2019-9867 2019-03-19 14h53 +00:00 An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
7.2
High
CVE-2018-18652 2018-10-25 21h00 +00:00 A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
7.2
High
CVE-2017-8856 2017-05-09 19h00 +00:00 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
9.8
Critical
CVE-2017-8857 2017-05-09 19h00 +00:00 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
9.8
Critical
CVE-2017-8858 2017-05-09 19h00 +00:00 In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
9.8
Critical
CVE-2017-8859 2017-05-09 19h00 +00:00 In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
9.8
Critical
CVE-2017-6399 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
8.8
High
CVE-2017-6400 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system).
8.8
High
CVE-2017-6401 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.
7.8
High
CVE-2017-6402 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.
6.5
Medium
CVE-2017-6403 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password.
9.8
Critical
CVE-2017-6405 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing.
7.5
High
CVE-2017-6406 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur.
8.8
High
CVE-2017-6407 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur.
8.8
High
CVE-2017-6408 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured.
7
High
CVE-2017-6409 2017-03-02 05h00 +00:00 An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.
9.8
Critical
CVE-2015-6550 2016-05-07 12h00 +00:00 bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input.
9.8
Critical
CVE-2015-6551 2016-05-07 12h00 +00:00 Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.
5.9
Medium
CVE-2015-6552 2016-05-07 12h00 +00:00 The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors.
9.8
Critical