CVE-2022-45461

Name of the Vulnerable Software and Affected Versions Veritas NetBackup versions through 10.1 Veritas NetBackup Appliance versions (affected versions not specified) Related Veritas products on Linux and UNIX versions (affected versions not specified)

Description The Java Admin Console in Veritas NetBackup allows authenticated non-root users, who have been explicitly added to the auth.conf file, to execute arbitrary commands as root. This issue is related to the failure to neutralize special elements used in operating system commands. Exploitation of this issue may allow a remote attacker to execute arbitrary commands as the root user.

Recommendations For Veritas NetBackup versions through 10.1, consider disabling the Java Admin Console until a patch is available. For Veritas NetBackup Appliance and related Veritas products on Linux and UNIX, at the moment, there is no information about a newer version that contains a fix for this vulnerability.