CVE-2023-28818
CVSS V2 None
CVSS V3 None
Description
An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.
Overview
- CVE ID
- CVE-2023-28818
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-24T04:15:56
- Last Modified Date
- 2023-03-31T13:01:26
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:veritas:aptare_it_analytics:*:*:*:*:*:*:*:* | 1 | OR | 10.6.00 | |
| cpe:2.3:a:veritas:netbackup_it_analytics:11.0.00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:veritas:netbackup_it_analytics:11.1.00:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://www.veritas.com/content/support/en_US/security/VTS23-002 | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-28818 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28818 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:18:48 | Added to TrackCVE | |||
| 2023-04-17 03:18:51 | Weakness Enumeration | new |