CVE-2023-40256

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:veritas:netbackup_snapshot_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.0.0.1:-:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.1.1:-:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.2:*:*:*:*:*:*:*

History

21 Nov 2024, 08:19

Type Values Removed Values Added
References () https://www.veritas.com/content/support/en_US/security/VTS23-011 - Vendor Advisory () https://www.veritas.com/content/support/en_US/security/VTS23-011 - Vendor Advisory

18 Aug 2023, 18:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Veritas
Veritas netbackup Snapshot Manager
CWE CWE-295
CPE cpe:2.3:a:veritas:netbackup_snapshot_manager:10.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.0.0.1:-:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.1.1:-:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:9.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:10.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_snapshot_manager:*:*:*:*:*:*:*:*
References (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-011 - (MISC) https://www.veritas.com/content/support/en_US/security/VTS23-011 - Vendor Advisory

11 Aug 2023, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-11 05:15

Updated : 2024-11-21 08:19


NVD link : CVE-2023-40256

Mitre link : CVE-2023-40256

CVE.ORG link : CVE-2023-40256


JSON object : View

Products Affected

veritas

  • netbackup_snapshot_manager
CWE
CWE-295

Improper Certificate Validation