PT-2023-8787 · Veritas · Veritas NetBackup IT Analytics

Published: 2023-03-24 · Updated: 2023-03-31 · CVE-2023-28818

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Veritas NetBackup IT Analytics versions prior to 11.2.0

Description

The issue is related to errors in cryptographic signature verification, which could allow a remote attacker to compromise data integrity. A malicious actor could exploit the application upgrade process, which includes unsigned files, to install rogue Collector executable files, such as aptare.jar or upgrademanager.zip, on the Portal server. These files might then be downloaded and installed on collectors.

Recommendations

For Veritas NetBackup IT Analytics versions prior to 11.2.0, update to version 11.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Portal server to minimize the risk of exploitation. Avoid using the unsigned files in the application upgrade process until the issue is resolved.
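
For the workaround of not using unsigned upgrade files, one interim check is to audit the staged Collector files against digests obtained out of band before they are served to collectors. The sketch below is an added example, not Veritas code: it is a fail-closed SHA-256 allow-list check rather than signature verification, and the staging directory, the `trusted` digest map and all function names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_upgrade_dir(upgrade_dir, trusted):
    """Map each relative path to ok / modified / unlisted / missing."""
    root = Path(upgrade_dir)
    results = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        expected = trusted.get(rel)
        if expected is None:
            results[rel] = "unlisted"  # no trusted digest: treat as unsigned
        elif sha256_file(path) == expected.lower():
            results[rel] = "ok"
        else:
            results[rel] = "modified"
    for rel in trusted.keys() - results.keys():
        results[rel] = "missing"
    return results


def safe_to_install(results):
    """Fail closed: an empty audit or any non-ok file blocks the upgrade."""
    return bool(results) and all(s == "ok" for s in results.values())


def demo():
    """Constructed sample: a clean staging directory, then a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)  # stands in for a hypothetical Portal staging directory
        names = ("aptare.jar", "upgrademanager.zip")
        for name in names:
            (root / name).write_bytes(b"constructed content of " + name.encode())
        trusted = {name: sha256_file(root / name) for name in names}
        clean = audit_upgrade_dir(root, trusted)
        (root / "aptare.jar").write_bytes(b"constructed replacement")
        (root / "extra.jar").write_bytes(b"constructed unlisted file")
        return clean, audit_upgrade_dir(root, trusted)
```

The digest map is only as trustworthy as the channel it came from, so it should be stored off the Portal server.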

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2024-01905
CVE-2023-28818

Affected Products

Veritas NetBackup IT Analytics