CVE-2017-17658

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup versions 11.3.0.12

Description: The issue is related to insufficient protection of the SQL query structure in the NVBUJobDefinition Get method of the NetVault Backup software. This allows a remote attacker to execute arbitrary code. The flaw exists due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database.

Recommendations: For Quest NetVault Backup version 11.3.0.12, consider disabling the NVBUJobDefinitions Get method until a patch is available to prevent exploitation of the SQL injection vulnerability. Restrict access to the underlying database to minimize the risk of code execution. Avoid using user-supplied strings in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.