CVE-2022-36990
Summary
| CVE | CVE-2022-36990 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-28 01:15:00 UTC |
| Updated | 2022-08-09 16:24:00 UTC |
| Description | An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely write arbitrary files to arbitrary locations from any Client to any other Client via a Primary server. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Veritas | Flex Appliance | 1.2 | All | All | All |
| Application | Veritas | Flex Appliance | 1.3 | All | All | All |
| Application | Veritas | Flex Appliance | 2.0 | All | All | All |
| Application | Veritas | Flex Appliance | 2.0.1 | All | All | All |
| Application | Veritas | Flex Appliance | 2.0.2 | All | All | All |
| Application | Veritas | Flex Appliance | 2.1 | All | All | All |
| Application | Veritas | Flex Scale | 1.3.1 | All | All | All |
| Application | Veritas | Flex Scale | 2.1 | All | All | All |
| Application | Veritas | Netbackup | 8.1.1 | All | All | All |
| Application | Veritas | Netbackup | 8.1.2 | All | All | All |
| Application | Veritas | Netbackup | 8.2 | All | All | All |
| Application | Veritas | Netbackup | 8.3 | All | All | All |
| Application | Veritas | Netbackup | 8.3.0.1 | All | All | All |
| Application | Veritas | Netbackup | 8.3.0.2 | All | All | All |
| Application | Veritas | Netbackup | 9.0 | All | All | All |
| Application | Veritas | Netbackup | 9.0.0.1 | All | All | All |
| Application | Veritas | Netbackup | 9.1 | All | All | All |
| Application | Veritas | Netbackup | 9.1.0.1 | All | All | All |
| Application | Veritas | Netbackup Appliance | 3.1.1 | All | All | All |
| Application | Veritas | Netbackup Appliance | 3.1.2 | All | All | All |
| Application | Veritas | Netbackup Appliance | 3.2 | All | All | All |
| Application | Veritas | Netbackup Appliance | 4.0 | All | All | All |
| Application | Veritas | Netbackup Appliance | 4.1 | All | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.2 | maintenance_release1 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.2 | maintenance_release2 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.2 | maintenance_release3 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.3.0.1 | maintenance_release1 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.3.0.1 | maintenance_release2 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.3.0.2 | maintenance_release1 | All | All |
| Hardware | Veritas | Netbackup Appliance | 3.3.0.2 | maintenance_release2 | All | All |
| Hardware | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release1 | All | All |
| Hardware | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release2 | All | All |
| Hardware | Veritas | Netbackup Appliance | 4.0.0.1 | maintenance_release3 | All | All |
| Hardware | Veritas | Netbackup Appliance | 4.1.0.1 | maintenance_release1 | All | All |
| Hardware | Veritas | Netbackup Appliance | 4.1.0.1 | maintenance_release2 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| VTS22-004: HotFix for Security Advisory impacting NetBackup – Primary/Media Server | Veritas™ | MISC | www.veritas.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378530 Veritas NetBackup Multiple Vulnerabilities (VTS22-004)