PT-2022-26356 · Veritas · Veritas Netbackup
Published
2022-10-03
·
Updated
2022-10-04
·
CVE-2022-42301
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Veritas NetBackup versions prior to 10.0.0.1
Description
An issue was discovered that makes the NetBackup Primary server vulnerable to an XML External Entity (XXE) injection attack through the nbars process.
Recommendations
For versions prior to 10.0.0.1, update to a version that contains a fix for this issue to prevent XXE injection attacks.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Veritas Netbackup