PT-2024-2014 · Veritas · Veritas NetBackup+1

Published: 2024-03-07 · Updated: 2025-01-21 · CVE-2024-28222

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Veritas NetBackup versions prior to 8.1.2
Veritas NetBackup Appliance versions prior to 3.1.2

Description

The issue is related to inadequate validation of the file path by the BPCD process, allowing an unauthenticated attacker to upload and execute a custom file. This could enable remote execution of malicious code on NetBackup servers and clients.

Recommendations

For Veritas NetBackup versions prior to 8.1.2, update to version 8.1.2 or later.
For Veritas NetBackup Appliance versions prior to 3.1.2, update to version 3.1.2 or later.
As a temporary workaround, consider restricting access to the BPCD process to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-01877
CVE-2024-28222

Affected Products

Veritas NetBackup
Veritas NetBackup Appliance