Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

Published

2024-03-07T07:15:08.377

Last Modified

2025-01-21T18:29:18.877

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	veritas	netbackup	< 8.1.2	Yes
Application	veritas	netbackup_appliance	< 3.1.2	Yes

References

https://www.veritas.com/content/support/en_US/security/VTS23-010 Vendor Advisory ([email protected])
https://www.veritas.com/content/support/en_US/security/VTS23-010 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)