1. Home
  2. CVE Database
  3. CVE-2024-28222
CRITICAL · 9.8

CVE-2024-28222

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

Vulnerability Description

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
VeritasNetbackup< 8.1.2
VeritasNetbackup Appliance< 3.1.2

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2024-28222?

CVE-2024-28222 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

How severe is CVE-2024-28222?

CVE-2024-28222 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-28222?

Check the references section above for vendor advisories and patch information. Affected products include: Veritas Netbackup, Veritas Netbackup Appliance.