CVE-2017-17417

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup version 11.3.0.12

Description: The issue is related to insufficient protection of the SQL query structure in the NVBUPhaseStatus Acknowledge method requests handling. This allows a remote attacker to execute arbitrary code on vulnerable installations. The problem stems from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database.

Recommendations: For Quest NetVault Backup version 11.3.0.12, consider disabling the NVBUPhaseStatus Acknowledge method until a patch is available to prevent potential exploitation. Restrict access to the database to minimize the risk of arbitrary code execution. Avoid using user-supplied strings in SQL queries without proper validation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.