Impact of Spring4Shell vulnerability (CVE-2022-22965) on NetBackup Appliances

Article: 100052910
Last Published: 2022-04-27
Product(s): Appliances

The information in this article also applies to NetBackup Virtual Appliances.

Description

A zero-day vulnerability was recently reported in Spring, the popular open-source Java framework, that could allow an attacker to execute arbitrary code on a remote web server. Veritas has concluded that some versions of NetBackup Appliances are impacted. See the table below for remediation steps.

| NetBackup Appliance/NetBackup Virtual Appliance version | Remediation |
|---|---|
| 4.1.0.1 MR2 | (1) Download MR2 hotfix here; (2) Install hotfix |
| 4.1/4.1.0.1 MR1 | (1) Upgrade to 4.1.0.1 MR2 here; (2) Download MR2 hotfix here; (3) Install hotfix |
| 4.0.0.1 MR3 | (1) Download MR3 hotfix here; (2) Install hotfix |
| 4.0/4.0.0.1 MR1/4.0.0.1 MR2 | (1) Upgrade to 4.0.0.1 MR3 here; (2) Download MR3 hotfix here; (3) Install hotfix |
| 3.x/5.0 | None needed as not impacted |

 

Disclaimer 

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. 
