CVE-2022-36997
HIGH
Veritas NetBackup 8.1.x-8.1.2, 8.2, 8.3.x-8.3.0.2, 9.x-9.0.0.1, 9.1.x-9.1.0.1 - Arbitrary File Read, SSRF, and DoS
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger impacts that include arbitrary file read, Server-Side Request Forgery (SSRF), and denial of service.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.veritas.com/content/support/en_US/security/VTS22-004#h9
Scores
CVSS v3: 7.1
EPSS: 0.0059
EPSS Percentile: 43.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Details
CWE: CWE-918
Status: published
Products (27)
veritas/flex_appliance 1.2
veritas/flex_appliance 1.3
veritas/flex_appliance 2.0
veritas/flex_appliance 2.0.1
veritas/flex_appliance 2.0.2
veritas/flex_appliance 2.1
veritas/flex_scale 1.3.1
veritas/flex_scale 2.1
veritas/netbackup 8.1.1
veritas/netbackup 8.1.2
... and 17 more
Published: Jul 28, 2022
Tracked Since: Feb 18, 2026