SQL Injection Vulnerability in Veritas NetBackup and Related Products
CVE-2022-42304

8HIGH

Key Information:

Vendor: Veritas
Status: Netbackup
Vendor: CVE Published:; 3 October 2022

What is CVE-2022-42304?

A vulnerability exists in Veritas NetBackup and related products that allows an attacker to exploit SQL Injection vulnerabilities through the NetBackup Primary server. This can impact components such as idm, nbars, and SLP manager code, potentially leading to unauthorized access and manipulation of sensitive data.

References

https://www.veritas.com/content/support/en_US/security/VT...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2022
Vulnerability Reserved
Oct 3, 2022