CVE-2023-28818

CVSS 5.3 MEDIUMEPSS 0.2%CWE-494

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

24 mar 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N

Productos afectados

n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.veritas.com/content/support/en_US/security/VTS23-002