CVE-2022-36987

HIGH

Veritas NetBackup <9.1.0.1 - Privilege Escalation

Title source: llm

Description

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could arbitrarily write files to a NetBackup Primary server.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-004#h4

Scores

CVSS v3 8.5

EPSS 0.0045

EPSS Percentile 63.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

Status published

Affected Products (35)

veritas/flex_appliance

veritas/flex_scale

veritas/netbackup

... and 20 more

Timeline

Published Jul 28, 2022

Tracked Since Feb 18, 2026