Arbitrary File Read Vulnerability in Veritas NetBackup Products
CVE-2022-36994

6.3MEDIUM

Key Information:

Vendor: Veritas
Status: Netbackup; Netbackup Appliance; Flex Appliance; Flex Scale
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-36994?

A vulnerability exists in Veritas NetBackup that allows an attacker with authenticated access to a NetBackup Client to arbitrarily read files from a NetBackup Primary server. This poses a significant risk as it may expose sensitive information and compromise the integrity of data managed by the affected NetBackup products. It is crucial for organizations using these versions to assess their exposure and apply the necessary updates to mitigate this security concern.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Jul 28, 2022