CVE-2023-28818

MEDIUM

Veritas NetBackup IT Analytics <11.2.0 - Code Injection

Title source: llm

Description

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0007
EPSS Percentile 21.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE
CWE-494 CWE-347
Status published

Affected Products (3)

veritas/aptare_it_analytics < 10.6.00
veritas/netbackup_it_analytics
veritas/netbackup_it_analytics

Timeline

Published Mar 24, 2023
Tracked Since Feb 18, 2026