CVE-2017-17413

Name of the Vulnerable Software and Affected Versions: Quest NetVault Backup versions 11.3.0.12

Description: The issue is related to insufficient protection of the SQL query structure in the NVBUBackupTargetSet Get method of the NetVault Backup software. This allows a remote attacker to execute arbitrary code on vulnerable installations. The flaw exists due to the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database.

Recommendations: For Quest NetVault Backup version 11.3.0.12, consider disabling the NVBUBackupTargetSet Get method until a patch is available to prevent remote code execution. Restrict access to the NetVault Backup Server Process Manager Service to minimize the risk of exploitation. Avoid using user-supplied strings in SQL queries until the issue is resolved.