Vulnerability DatabaseCVE-2022-36994

CVE-2022-36994:
Veritas NetBackup Client vulnerability analysis and mitigation

Overview

An issue was discovered in Veritas NetBackup versions 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). The vulnerability (CVE-2022-36994) was disclosed in July 2022 and affects the NetBackup Primary server component. This medium severity vulnerability allows an attacker with authenticated access to a NetBackup Client to arbitrarily read files from a NetBackup Primary server (Veritas Advisory).

Technical details

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.3 (AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H), indicating medium severity. The attack requires network access and authenticated access to a NetBackup Client, with high attack complexity. The vulnerability allows for arbitrary file read operations against the NetBackup Primary server (Veritas Advisory).

Impact

If successfully exploited, this vulnerability allows an authenticated attacker to arbitrarily read files from a NetBackup Primary server. This could potentially lead to unauthorized access to sensitive information stored on the server (Veritas Advisory).

Mitigation and workarounds

Veritas has released HotFixes for affected versions: NetBackup 8.1.2, 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, and 9.1.0.1. Users are advised to apply the appropriate HotFix to Primary servers as well as all Media servers. For versions prior to 8.1.2, users should upgrade to a newer version and then apply the corresponding NetBackup HotFix (Veritas Advisory).

Additional resources

Veritas Advisory

Source: This report was generated using AI

Related Veritas NetBackup Client vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-28222	CRITICAL	9.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 07, 2024
CVE-2024-52945	HIGH	7.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Nov 18, 2024
CVE-2023-28759	HIGH	7.8	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 23, 2023
CVE-2024-33672	HIGH	7.1	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Apr 26, 2024
CVE-2023-28758	HIGH	7.1	Veritas NetBackup Client	cpe:2.3:a:veritas:netbackup	No	Yes	Mar 23, 2023

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2022-36994: Veritas NetBackup Client vulnerability analysis and mitigation