PT-2004-2304 · Veritas · Netbackup Server +3

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1389

CVSS v2.0: 6.0 (Medium)
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer versions 3.4 through 4.5
Veritas NetBackup Administrative Assistant interface for DataCenter versions 3.4 through 4.5
Veritas NetBackup Administrative Assistant interface for Enterprise Server version 5.1
Veritas NetBackup Administrative Assistant interface for NetBackup Server versions 5.0 through 5.1

Description: The issue allows attackers to execute arbitrary commands via the bpjava-susvc process. This might be related to the call-back feature.

Recommendations:
For NetBackup BusinesServer versions 3.4 through 4.5, consider disabling the call-back feature until a fix is available.
For DataCenter versions 3.4 through 4.5, restrict access to the bpjava-susvc process to minimize the risk of exploitation.
For Enterprise Server version 5.1, avoid using the bpjava-susvc process in the Administrative Assistant interface until the issue is resolved.
For NetBackup Server versions 5.0 through 5.1, consider temporarily disabling the bpjava-susvc process as a mitigation measure.


Related Identifiers

CVE-2004-1389

Affected Products

Datacenter
Enterprise Server
Netbackup Businesserver
Netbackup Server