Please note: This vulnerability affects NetBackup customers on Windows Only
Veritas OpenSSL Vulnerability in NetBackup and OpsCenter for Windows
Veritas has found a vulnerability in NetBackup and OpsCenter that could allow attackers to remotely run code as administrator
Veritas has found 2 potential vulnerabilities in NetBackup and OpsCenter that could allow remote attackers to exploit the vulnerabilities, and remotely compromise the system by running programs as administrator.
The first issue is when NetBackup is using OpenSSL to attempt to load libraries in paths that do not exist. The Second issue is when NetBackup processes are using Strawberry Perl which will attempt to load and execute libraries in paths that do not exist by default.
Any unpatched NetBackup and OpsCenter pre-versions 18.104.22.168 are vulnerable to remote attack via exploiting OpenSSL and Strawberry Perl where if exploited the attackers could run arbitrary code as administrator and possibly take over the system remotely.
Veritas recommends that you update and install the latest hotfixes for the newer versions or visit the link below for detailed information and workarounds for other versions.
For a more detailed overview: