Remote Information Disclosure in Veritas NetBackup Products
CVE-2022-36996

4.3MEDIUM

Key Information:

Vendor: Veritas
Status: Netbackup; Netbackup Appliance; Flex Appliance; Flex Scale
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-36996?

Veritas NetBackup products are affected by a vulnerability allowing an authenticated attacker with access to a NetBackup Client to remotely gather sensitive information. This includes details about any host recognized by a NetBackup Primary server, potentially leading to further access or exploitation of the affected network. The security flaw spans several versions of NetBackup, emphasizing the need for timely updates and appropriate security measures.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Jul 28, 2022