
Cloud Vulnerability DB
A community-led vulnerabilities database
In Veritas NetBackup OpsCenter, a hard-coded credential vulnerability (CVE-2022-36952) was discovered that could be exploited to compromise the underlying VxSS subsystem. This vulnerability affects versions 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and version 10 (Veritas Advisory, Red Hat CVE).
The vulnerability has been assigned a CVSS v3.1 Base Score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a high severity level. The vulnerability stems from the presence of hard-coded credentials within the application that could be leveraged to exploit the VxSS (Veritas Security Services) subsystem (Veritas Advisory).
The presence of hard-coded credentials could allow attackers to gain unauthorized access to the VxSS subsystem, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability of the affected system (Veritas Advisory).
Veritas has released HotFixes for the affected versions. Users are advised to upgrade to version 8.3.0.2, 9.0.0.1, 9.1.0.1, or 10.0 and apply the appropriate HotFix. The specific HotFixes available are: VTS22-009 Security Advisory and Apache Log4J 2.17.1 for versions 8.3.0.2, 9.0.0.1, and 9.1.0.1, and VTS22-009 Security Advisory for version 10.0 (Veritas Advisory).
Source: This report was generated using AI