![]() ![]() THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. ![]() THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas would like to thank Palindrome Technologies for responsibly reporting this issue to us. See the Veritas Download Center for available updates: Questionsįor questions or problems regarding these vulnerabilities please contact Veritas Technical Support ( ) Acknowledgement Deploy the 10.0.0.1 Hotfix (upgrade to 10.0.0.1 is a pre-requisite).Privilege Escalation, or Defense Evasion. Deploy the 10.1.1 Hotfix (upgrade to 10.1.1 is a pre-requisite) Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Upgrade to 10.2.0.1 (highly recommended).RemediationĬustomers under a current maintenance contract should update to the NetBackup Snapshot Manager as described below: Earlier unsupported versions of the predecessor Veritas NetBackup CloudPoint application may be affected as well. CWE: 295 - Improper Certificate Validation.This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. An Access Policy Manager (APM) per-request policy can be configured to determine whether to intercept. This vulnerability impacts only the jobs controlling the backup and restore activities and does not allow access or deletion of the backup snapshot data itself. Overview: Bypassing SSL forward proxy traffic with APM. Exploiting this vulnerability impacts the confidentiality and integrity of messages controlling the backup and restore jobs and could result in the service becoming unavailable. The vulnerability was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. 1.1: July 28, 2023: Updated Issue descriptionĪ vulnerability was discovered in Veritas NetBackup Snapshot Manager which allowed untrusted clients to interact with the RabbitMQ service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |