CVE-2004-1389
Veritas NetBackup - RCE
Title source: llmDescription
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by patrick · rubyremotemultiple
https://www.exploit-db.com/exploits/9941
metasploit
WORKING POC
EXCELLENT
by aushack · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/veritas_netbackup_cmdexec.rb
References (6)
Scores
EPSS
0.2826
EPSS Percentile
96.4%
Classification
Status
draft
Affected Products (9)
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
veritas/netbackup
Timeline
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026