SQL Injection Vulnerability in Veritas NetBackup Server
CVE-2022-42302

9CRITICAL

Key Information:

Vendor: Veritas
Status: Netbackup
Vendor: CVE Published:; 3 October 2022

What is CVE-2022-42302?

A vulnerability has been identified in Veritas NetBackup, specifically affecting versions up to 10.0. The NetBackup Primary server can be exploited through a SQL Injection attack on the NBFSMCLIENT service, potentially compromising sensitive data and system integrity. It is crucial for users to apply necessary security updates and implement measures to secure their environments from this type of threat.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022