scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
2017-01-04T21:59:00.167
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | veritas | netbackup_appliance_firmware | 2.6.0.0 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.0.1 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.0.2 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.0.3 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.0.4 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.1.0 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.1.1 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.6.1.2 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.7.0.0 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.7.1.0 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 2.7.2.0 | Yes |
| Operating System | veritas | netbackup_appliance_firmware | 3.0.0.0 | Yes |
| Hardware | veritas | netbackup_appliance | - | No |