Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-6551

Опубликовано: 07 мая 2016
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:veritas:netbackup_appliance:1.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:1.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:1.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.5:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_appliance:2.7.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:veritas:netbackup:7.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup:7.7.1:*:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00297
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-v3v3-mrmr-8g62

CVSS3: 5.9
github
больше 3 лет назад

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

EPSS

Процентиль: 53%
0.00297
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200