CVE-2023-37237
First published: Thu Jun 29 2023(Updated: )
In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Veritas NetBackup Appliance | <4.1.0.1 | |
| Veritas NetBackup Appliance | =4.1.0.1-maintenance_release1 | |
| Veritas NetBackup Appliance | =4.1.0.1-maintenance_release2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security issue in Veritas NetBackup Appliance?
The vulnerability ID of this security issue in Veritas NetBackup Appliance is CVE-2023-37237.
What is the severity level of CVE-2023-37237?
The severity level of CVE-2023-37237 is high (7.2).
How can an authenticated Admin exploit this vulnerability?
An authenticated Admin can exploit this vulnerability by bypassing shell restrictions and executing arbitrary operating system commands via SSH.
Which versions of Veritas NetBackup Appliance are affected by this vulnerability?
Versions up to and excluding 4.1.0.1 MR3 of Veritas NetBackup Appliance are affected by this vulnerability.
How can I fix the vulnerability in Veritas NetBackup Appliance?
To fix the vulnerability in Veritas NetBackup Appliance, upgrade to version 4.1.0.1 MR3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/veritas
- canonical/veritas netbackup appliance
- version/veritas netbackup appliance/4.1.0.1-maintenance_release1
- version/veritas netbackup appliance/4.1.0.1-maintenance_release2