CVE-2022-36989

HIGH

Veritas NetBackup <9.1.0.1 - RCE

Title source: llm

Description

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely execute arbitrary commands on a NetBackup Primary server.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-004#h2

Scores

CVSS v3 8.8

EPSS 0.0105

EPSS Percentile 77.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (35)

veritas/flex_appliance

veritas/flex_scale

veritas/netbackup

... and 20 more

Timeline

Published Jul 28, 2022

Tracked Since Feb 18, 2026