Unsigned File Vulnerability in Veritas NetBackup IT Analytics
CVE-2023-28818

5.3 MEDIUM

Key Information:

Vendor: Veritas
CVE Published: 24 March 2023

Summary

Veritas NetBackup IT Analytics 11 prior to version 11.2.0 has a vulnerability in which the application’s upgrade process incorporates unsigned files. An attacker who exploits this could install rogue components: unauthorized Collector executable files, specifically aptare.jar or upgrademanager.zip, could be placed on the Portal server. These malicious files might subsequently be downloaded and deployed onto collectors, posing severe security risks to users and to the integrity of the IT Analytics environment.
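
A defender-side check for the condition described above, as an added example that is not code from Veritas or from this advisory: before staged upgrade artifacts are served to collectors, compare them against SHA-256 digests pinned from a trusted out-of-band source. The staging directory, the `pinned` mapping and the function names are assumptions, and digest pinning here stands in for the signature verification the summary says was missing.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Artifact names come from the advisory text; everything else is assumed.
UPGRADE_ARTIFACTS = ("aptare.jar", "upgrademanager.zip")


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large archives are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_staged_upgrade(staging_dir, pinned):
    """Return a list of problems; an empty list means every artifact matched.

    pinned maps artifact name -> hex SHA-256 obtained out of band (assumed).
    """
    staging = Path(staging_dir)
    problems = []
    for name in UPGRADE_ARTIFACTS:
        expected = pinned.get(name)
        path = staging / name
        if expected is None:
            problems.append(f"{name}: no pinned digest")
        elif not path.is_file():
            problems.append(f"{name}: missing")
        elif not hmac.compare_digest(sha256_file(path), expected.lower()):
            problems.append(f"{name}: digest mismatch")
    # Fail closed on anything that is not an expected artifact.
    for extra in sorted(p.name for p in staging.iterdir()):
        if extra not in UPGRADE_ARTIFACTS:
            problems.append(f"{extra}: unexpected file")
    return problems


if __name__ == "__main__":
    # Constructed sample data: stand-in bytes, not real Collector files.
    with tempfile.TemporaryDirectory() as tmp:
        for name in UPGRADE_ARTIFACTS:
            (Path(tmp) / name).write_bytes(b"constructed " + name.encode())
        pinned = {n: sha256_file(Path(tmp) / n) for n in UPGRADE_ARTIFACTS}
        print(check_staged_upgrade(tmp, pinned))       # all match
        (Path(tmp) / "aptare.jar").write_bytes(b"tampered")
        print(check_staged_upgrade(tmp, pinned))       # mismatch reported
```

A non-empty result should block distribution of the staged files until the discrepancy is explained.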

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
