PT-2023-21941 · Veritas · Veritas Netbackup

Published: 2023-03-23 · Updated: 2025-02-25 · CVE-2023-28758

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veritas NetBackup versions prior to 8.3.0.2

Description

An issue was discovered that allows an unprivileged user to specify a log file path when executing a NetBackup command, potentially leading to the overwrite of existing NetBackup log files.

Recommendations

For versions prior to 8.3.0.2, update to version 8.3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the BPCD functionality to prevent unprivileged users from specifying log file paths.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2023-28758

Affected Products

Veritas Netbackup