CVE-2022-46414

CRITICAL

Veritas NetBackup <3.0, Access Appliance <8.0.100 - RCE

Title source: llm

Description

An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.

References (1)

Core 1

Core References

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS22-019#issue1

Scores

CVSS v3 9.8

EPSS 0.0126

EPSS Percentile 65.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

veritas/access_appliance < 8.0.100

veritas/netbackup_flex_scale_appliance < 3.0

Published Dec 04, 2022

Tracked Since Feb 18, 2026