CVE-2022-36949: 
Veritas NetBackup Client vulnerability analysis and mitigation

In Veritas NetBackup OpsCenter, a critical vulnerability (CVE-2022-36949) was discovered that allows an attacker with local access to a NetBackup OpsCenter server to potentially escalate their privileges. This vulnerability affects versions 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10 (Veritas Advisory, NVD).

The vulnerability has been assigned a Critical severity rating with a CVSS v3.1 Base Score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N). The scope is changed (S:C), with high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H) (Veritas Advisory).

If successfully exploited, this vulnerability allows an attacker with local access to escalate their privileges on the NetBackup OpsCenter server, potentially gaining full control over the system. The high CVSS score of 9.3 indicates severe potential consequences for system security (Veritas Advisory).

Veritas recommends upgrading to version 8.3.0.2, 9.0.0.1, 9.1.0.1, or 10.0 to address this vulnerability. For version 8.2 and earlier, users should upgrade to one of these newer versions as a remediation measure (Veritas Advisory).