CVE-2017-6409

CRITICAL

Veritas NetBackup < 8.0 and NetBackup Appliance < 3.0 - Unauthenticated Inappropriate Access via CORBA Interfaces

Title source: llm

Description

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96504

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037950

Vendor Advisory x_refsource_confirm

https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11

Scores

CVSS v3 9.8

EPSS 0.0136

EPSS Percentile 68.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (2)

veritas/netbackup < 8.0

veritas/netbackup_appliance < 3.0

Published Mar 02, 2017

Tracked Since Feb 18, 2026