5.3

CVE-2023-28818

An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.

Data is provided by the National Vulnerability Database (NVD)
Veritas Aptare IT Analytics: Version < 10.6.00
Veritas NetBackup IT Analytics: Version 11.0.00
Veritas NetBackup IT Analytics: Version 11.1.00
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.167
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cve@mitre.org 5.3 3.9 1.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.