Vulnerability Description
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veritas | Aptare It Analytics | < 10.6.00 |
| Veritas | Netbackup It Analytics | 11.0.00 |
Related Weaknesses (CWE)
References
- https://www.veritas.com/content/support/en_US/security/VTS23-002Vendor Advisory
- https://www.veritas.com/content/support/en_US/security/VTS23-002Vendor Advisory
FAQ
What is CVE-2023-28818?
CVE-2023-28818 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthen...
How severe is CVE-2023-28818?
CVE-2023-28818 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28818?
Check the references section above for vendor advisories and patch information. Affected products include: Veritas Aptare It Analytics, Veritas Netbackup It Analytics.