CVE-2024-28222 CRITICAL

CVE-2024-28222

Vendor N/A
Product n/a
Published March 7, 2024
Last update November 15, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

What the vulnerability does

01Description

In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.

Key dates

02Disclosure timeline

March 7, 2024 CVE published
November 15, 2024 Record updated