CVE-2022-36985

HIGH

Veritas NetBackup <9.1.0.1 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with unprivileged local access to a Windows NetBackup Primary server could potentially escalate their privileges.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-004#h7

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 17.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (35)

veritas/flex_appliance

veritas/flex_scale

veritas/netbackup

... and 20 more

Timeline

Published Jul 28, 2022

Tracked Since Feb 18, 2026