CVE-2017-17659

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup versions 11.3.0.12

Description: The issue is related to insufficient protection of the SQL query structure in the NVBUJobHistory Get method. This allows a remote attacker to execute arbitrary code by leveraging the lack of proper validation of a user-supplied string used to construct SQL queries. The attacker can execute code in the context of the underlying database. No authentication is required to exploit this issue.

Recommendations: For Quest NetVault Backup version 11.3.0.12, consider disabling the NVBUJobHistory Get method until a patch is available to prevent remote code execution. Restrict access to the underlying database to minimize the risk of exploitation. Avoid using user-supplied strings in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.