CVE-2022-36988

HIGH

Veritas NetBackup <9.1.0.1 - RCE

Title source: llm

Description

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server could remotely execute arbitrary commands on a NetBackup Primary server or NetBackup Media server.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-004#h6

Scores

CVSS v3 8.0

EPSS 0.0057

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

Status published

Affected Products (35)

veritas/flex_appliance

veritas/flex_scale

veritas/netbackup

... and 20 more

Timeline

Published Jul 28, 2022

Tracked Since Feb 18, 2026