PT-2024-25860 · Veritas · Veritas Netbackup+1
Published
2024-05-03
·
Updated
2024-05-03
·
CVE-2024-34404
CVSS v3.1
6.8
Medium
| Vector | AC:L/AV:N/A:N/C:N/I:H/PR:H/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
Veritas NetBackup versions prior to 10.4
NetBackup Appliance versions prior to 5.4
Description
A vulnerability was discovered in the Alta Recovery Vault feature, allowing a NetBackup administrator to modify the expiration of backups under Governance mode. This could cause premature deletion of backups, as only the cloud administrator should have this capability by design.
Recommendations
For Veritas NetBackup versions prior to 10.4, update to version 10.4 or later to resolve the issue.
For NetBackup Appliance versions prior to 5.4, update to version 5.4 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Alta Recovery Vault feature to prevent unauthorized modification of backup expirations.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netbackup Appliance
Veritas Netbackup