An issue was discovered in the Web Console in Veritas NetBackup Appliance through 3.1.2. The proxy server password is displayed to an administrator.

A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user provided input.

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.

In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.

In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.

In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat.

An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur.