CVE-2022-36998

MEDIUM

Veritas Flex Appliance - Out-of-Bounds Write

Title source: rule

Description

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the NetBackup Primary server, resulting in a denial of service.

References (1)

[Patch, Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS22-004#m3

Scores

CVSS v3 6.3

EPSS 0.0030

EPSS Percentile 52.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-787

Status published

Affected Products (35)

veritas/flex_appliance

veritas/flex_scale

veritas/netbackup

... and 20 more

Timeline

Published Jul 28, 2022

Tracked Since Feb 18, 2026