CVE-2022-42301

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

A

n issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

References

Link	Resource
https://www.veritas.com/content/support/en_US/security/VTS22-013#M1	Patch Vendor Advisory
https://www.veritas.com/content/support/en_US/security/VTS22-013#M1	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:24

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 5.4
References	~~() https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 - Patch, Vendor Advisory~~	() https://www.veritas.com/content/support/en_US/security/VTS22-013#M1 - Patch, Vendor Advisory

Information

Published : 2022-10-03 15:15

Updated : 2024-11-21 07:24

NVD link : CVE-2022-42301

Mitre link : CVE-2022-42301

CVE.ORG link : CVE-2022-42301

JSON object : View

Products Affected

netbackup

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2022-42301", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-10-03T15:15:20.730", "references": [{"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.veritas.com/content/support/en_US/security/VTS22-013#M1", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process."}, {"lang": "es", "value": "Se ha detectado un problema en Veritas NetBackup versiones hasta 10.0.0.1 y en los productos de Veritas relacionados. El servidor NetBackup Primary es vulnerable a un ataque de tipo XML External Entity (XXE) mediante el proceso nbars"}], "lastModified": "2024-11-21T07:24:41.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69934CDE-4DC7-4E6F-8FE1-2D4FACA7F7B5", "versionEndIncluding": "10.0.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}