CVE-2023-28818 MEDIUM

CVE-2023-28818

Vendor N/A
Product n/a
Published March 24, 2023
Last update February 19, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:N/I:L/PR:N/S:U/UI:N

What the vulnerability does

01Description

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Key dates

02Disclosure timeline

March 24, 2023 CVE published
February 19, 2025 Record updated