CVE-2023-37237

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:h:veritas:netbackup_appliance:*:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*

History

07 Jul 2023, 16:00

Type Values Removed Values Added
CWE CWE-732
First Time Veritas
Veritas netbackup Appliance
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
CPE cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:*:*:*:*:*:*:*:*
References (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-004 - (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-004 - Vendor Advisory

29 Jun 2023, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-29 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-37237

Mitre link : CVE-2023-37237

CVE.ORG link : CVE-2023-37237


JSON object : View

Products Affected

veritas

  • netbackup_appliance
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource