Veritas: Security Vulnerabilities
Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-05-14
Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-05-14
An arbitrary command injection vulnerability in the Cluster Server component of Veritas InfoScale allows an unauthenticated remote attacker to execute arbitrary commands as root or administrator. These Veritas products are affected: Access 7.4.2 and earlier, Access Appliance 7.4.2 and earlier, Flex Appliance 1.2 and earlier, InfoScale 7.3.1 and earlier, InfoScale between 7.4.0 and 7.4.1, Veritas Cluster Server (VCS) 6.2.1 and earlier on Linux/UNIX, Veritas Cluster Server (VCS) 6.1 and earlier on Windows, Storage Foundation HA (SFHA) 6.2.1 and earlier on Linux/UNIX, and Storage Foundation HA (SFHA) 6.1 and earlier on Windows.
CVSS Score
9.8
EPSS Score
0.064
Published
2019-11-05
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another user's browser, related to resiliency plans functionality. A victim must open a resiliency plan that an attacker has access to.
CVSS Score
5.9
EPSS Score
0.004
Published
2019-07-29
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to resiliency plans and custom script functionality.
CVSS Score
7.2
EPSS Score
0.011
Published
2019-07-29
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. An arbitrary command execution vulnerability allows a malicious VRP user to execute commands with root privilege within the VRP virtual machine, related to DNS functionality.
CVSS Score
7.2
EPSS Score
0.005
Published
2019-07-29
An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existing files to take control of the VRP virtual machine.
CVSS Score
9.1
EPSS Score
0.052
Published
2019-07-29
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-03-21
An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The SMTP password is displayed to an administrator.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-03-21
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.
CVSS Score
7.2
EPSS Score
0.014
Published
2018-10-25