First published: Thu Jul 28 2022
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path on a NetBackup Primary server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Veritas Flex Appliance | =1.2 | |
Veritas Flex Appliance | =1.3 | |
Veritas Flex Appliance | =2.0 | |
Veritas Flex Appliance | =2.0.1 | |
Veritas Flex Appliance | =2.0.2 | |
Veritas Flex Appliance | =2.1 | |
Veritas Flex Scale | =1.3.1 | |
Veritas Flex Scale | =2.1 | |
Veritas NetBackup | =8.1.1 | |
Veritas NetBackup | =8.1.2 | |
Veritas NetBackup | =8.2 | |
Veritas NetBackup | =8.3 | |
Veritas NetBackup | =8.3.0.1 | |
Veritas NetBackup | =8.3.0.2 | |
Veritas NetBackup | =9.0 | |
Veritas NetBackup | =9.0.0.1 | |
Veritas NetBackup | =9.1 | |
Veritas NetBackup | =9.1.0.1 | |
Veritas NetBackup Appliance | =3.1.1 | |
Veritas NetBackup Appliance | =3.1.2 | |
Veritas NetBackup Appliance | =3.2 | |
Veritas NetBackup Appliance | =4.0 | |
Veritas NetBackup Appliance | =4.1 | |
Veritas NetBackup Appliance | =3.2-maintenance_release1 | |
Veritas NetBackup Appliance | =3.2-maintenance_release2 | |
Veritas NetBackup Appliance | =3.2-maintenance_release3 | |
Veritas NetBackup Appliance | =3.3.0.1-maintenance_release1 | |
Veritas NetBackup Appliance | =3.3.0.1-maintenance_release2 | |
Veritas NetBackup Appliance | =3.3.0.2-maintenance_release1 | |
Veritas NetBackup Appliance | =3.3.0.2-maintenance_release2 | |
Veritas NetBackup Appliance | =4.0.0.1-maintenance_release1 | |
Veritas NetBackup Appliance | =4.0.0.1-maintenance_release2 | |
Veritas NetBackup Appliance | =4.0.0.1-maintenance_release3 | |
Veritas NetBackup Appliance | =4.1.0.1-maintenance_release1 | |
Veritas NetBackup Appliance | =4.1.0.1-maintenance_release2 | |
CVE-2022-36991 is a vulnerability in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1, and related NetBackup products, where an attacker with authenticated access to a NetBackup Client could arbitrarily write content to a partially controlled path.
CVE-2022-36991 has a severity score of 6.5, which is considered high.
Veritas NetBackup versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products) are affected by CVE-2022-36991.
The impact of CVE-2022-36991 is that an attacker with authenticated access to a NetBackup Client can write arbitrary content to a partially controlled path.
Yes, Veritas has released patches to address this vulnerability. It is recommended to update to the latest version of Veritas NetBackup or apply the relevant security patches.