XML External Entity Injection Vulnerability in Veritas NetBackup
CVE-2022-42301

5.4MEDIUM

Key Information:

Vendor: Veritas
Status: Netbackup
Vendor: CVE Published:; 3 October 2022

Summary

Veritas NetBackup and related products are susceptible to XML External Entity (XXE) injection attacks. This issue arises in the nbars process, allowing adversaries to exploit the NetBackup Primary server. By submitting crafted XML inputs, attackers could gain unauthorized access to sensitive data or manipulate the server's operations. It's crucial for users of affected versions to apply available security patches and adhere to best practices to mitigate the risk.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022