CVE-2022-36954: 
Veritas NetBackup Client vulnerability analysis and mitigation

CVE-2022-36954 affects Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. Under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts (Veritas Advisory, NVD).

The vulnerability has been assigned a Critical severity rating with a CVSS v3.1 Base Score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). This indicates that the vulnerability requires low attack complexity, needs low privileges, and can result in high impact to confidentiality, integrity, and availability (Veritas Advisory).

If exploited, this vulnerability allows an authenticated remote attacker to create or modify OpsCenter user accounts, potentially leading to unauthorized access and system compromise. The high CVSS score reflects the significant potential impact on system security (Veritas Advisory).

Veritas has released HotFixes for affected versions: NetBackup OpsCenter 8.3.0.2, 9.0.0.1, 9.1.0.1, and 10.0. Users should upgrade to one of these versions and apply the appropriate HotFix. Additionally, organizations should review their OpsCenter user accounts to ensure the vulnerability hasn't been exploited (Veritas Advisory).