CVE-2022-42307
MEDIUMVeritas NetBackup < 10.0.0.1 - XML External Entity Injection via DiscoveryService
Title source: llmDescription
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.veritas.com/content/support/en_US/security/VTS22-012#M2
Scores
CVSS v3
5.3
EPSS
0.0052
EPSS Percentile
39.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-611
Status
published
Products (1)
veritas/netbackup
< 10.0.0.1
Published
Oct 03, 2022
Tracked Since
Feb 18, 2026