scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x up to and including 2.6.0.4, 2.6.1.x up to and including 2.6.1.2, 2.7.x up to and including 2.7.3, and 3.0.x allow remote malicious users to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
veritas netbackup_appliance_firmware 2.6.0.0 |
||
veritas netbackup_appliance_firmware 2.6.0.1 |
||
veritas netbackup_appliance_firmware 2.7.1.0 |
||
veritas netbackup_appliance_firmware 2.7.2.0 |
||
veritas netbackup_appliance_firmware 2.6.0.4 |
||
veritas netbackup_appliance_firmware 2.6.1.0 |
||
veritas netbackup_appliance_firmware 2.6.0.2 |
||
veritas netbackup_appliance_firmware 2.6.0.3 |
||
veritas netbackup_appliance_firmware 3.0.0.0 |
||
veritas netbackup_appliance_firmware 2.6.1.1 |
||
veritas netbackup_appliance_firmware 2.6.1.2 |
||
veritas netbackup_appliance_firmware 2.7.0.0 |