CVE-2022-45461

Severity CVSS v4.0:
Pending analysis
Type:
CWE-78 OS Command Injections
Publication date:
17/11/2022
Last modified:
29/04/2025

Description

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:* 10.1 (including)
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*