Unknown
CVE-2009-3027
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- symantec
Products
- backup exec continuous protection server 11d,
- backup exec continuous protection server 12.0,
- backup exec continuous protection server 12.5,
- veritas application director 1.1,
- veritas backup exec 11d,
- veritas backup exec 12.0,
- veritas backup exec 12.5,
- veritas cluster server 3.5,
- veritas cluster server 4.0,
- veritas cluster server 4.1,
- veritas cluster server 5.0,
- veritas cluster server management console 5.1,
- veritas cluster server management console 5.5,
- veritas cluster server management console 5.5.1,
- veritas cluster server one 2.0,
- veritas cluster server one 2.0.1,
- veritas cluster server one 2.0.2,
- veritas command central enterprise reporter 5.0 ga,
- veritas command central enterprise reporter 5.0mp1,
- veritas command central enterprise reporter 5.0mp1rp1,
- veritas command central enterprise reporter 5.1,
- veritas command central storage 4.x,
- veritas command central storage 5.0,
- veritas command central storage 5.1,
- veritas command central storage change manager 5.0,
- veritas command central storage change manager 5.1,
- veritas micromeasure 5.0,
- veritas netbackup operations manager 6.0 ga,
- veritas netbackup operations manager 6.5.5,
- veritas netbackup reporter 6.0 ga,
- veritas netbackup reporter 6.6,
- veritas storae foundation 3.5 onwards,
- veritas storage foundation 3.5,
- veritas storage foundation cluster file system 3.5,
- veritas storage foundation cluster file system 4.0,
- veritas storage foundation cluster file system 4.1,
- veritas storage foundation cluster file system 5.0,
- veritas storage foundation cluster file system for oracle rac 5.0,
- veritas storage foundation for db2 4.1,
- veritas storage foundation for db2 5.0,
- veritas storage foundation for high availability 3.5,
- veritas storage foundation for oracle 4.1,
- veritas storage foundation for oracle 5.0,
- veritas storage foundation for oracle 5.0.1,
- veritas storage foundation for oracle real application cluster 3.5,
- veritas storage foundation for oracle real application cluster 4.0,
- veritas storage foundation for oracle real application cluster 4.1,
- veritas storage foundation for oracle real application cluster 5.0,
- veritas storage foundation for sybase 4.1,
- veritas storage foundation for sybase 5.0,
- veritas storage foundation for windows high availability 4.3mp2,
- veritas storage foundation for windows high availability 5.0,
- veritas storage foundation for windows high availability 5.0rp1a,
- veritas storage foundation for windows high availability 5.0rp2,
- veritas storage foundation for windows high availability 5.1,
- veritas storage foundation for windows high availability 5.1ap1,
- veritas storage foundation manager 1.0,
- veritas storage foundation manager 1.0mp1,
- veritas storage foundation manager 1.1,
- veritas storage foundation manager 1.1.1ux,
- veritas storage foundation manager 1.1.1win,
- veritas storage foundation manager 2.0
References
Advisory
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: