CVE-2023-40256

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 11, 2023

Updated: Aug 18, 2023

CWE ID 295

Summary

CVE-2023-40256 is a vulnerability affecting Veritas NetBackup Snapshot Manager versions prior to 10.2.0.1. A misconfiguration in the RabbitMQ service leads to inadequate client certificate validation, enabling untrusted clients to interact with it. The consequences of this flaw are the compromise of messages related to backup and restore jobs, potentially impacting their confidentiality, integrity, and availability. This issue is limited to the NetBackup Snapshot Manager feature and does not grant access to or deletion of backup snapshot data on the NetBackup primary servers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Veritas

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sTJ9Fu
https://www.cve.org/CVERecord?id=CVE-2023-40256
https://nvd.nist.gov/vuln/detail/CVE-2023-40256

Back to Vulnerability Database

CVE-2023-40256

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations