CVE-2022-42301
MEDIUMVeritas NetBackup < 10.0.0.1 - XML External Entity Injection via nbars Process
Title source: llmDescription
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.veritas.com/content/support/en_US/security/VTS22-013#M1
Scores
CVSS v3
5.4
EPSS
0.0054
EPSS Percentile
41.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (1)
veritas/netbackup
< 10.0.0.1
Published
Oct 03, 2022
Tracked Since
Feb 18, 2026