CVE-2024-34404

A vulnerability was discovered in the Alta Recovery Vault feature of Veritas NetBackup before 10.4 and NetBackup Appliance before 5.4. By design, only the cloud administrator should be able to disable the retention lock of Governance mode images. This vulnerability allowed a NetBackup administrator to modify the expiration of backups under Governance mode (which could cause premature deletion).

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.veritas.com/support/en_US/security/VTS24-004
https://www.veritas.com/support/en_US/security/VTS24-004

Configurations

No configuration.

History

28 Mar 2025, 20:15

Type	Values Removed	Values Added
CWE		CWE-284

21 Nov 2024, 09:18

Type	Values Removed	Values Added
References	~~() https://www.veritas.com/support/en_US/security/VTS24-004 -~~	() https://www.veritas.com/support/en_US/security/VTS24-004 -
Summary		(es) Se descubrió una vulnerabilidad en la función Alta Recovery Vault de Veritas NetBackup anterior a 10.4 y NetBackup Appliance anterior a 5.4. Por diseño, solo el administrador de la nube debería poder desactivar el bloqueo de retención de las imágenes del modo de gobernanza. Esta vulnerabilidad permitió a un administrador de NetBackup modificar la caducidad de las copias de seguridad en el modo de Governance (lo que podría provocar una eliminación prematura).

03 May 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-03 01:15

Updated : 2025-03-28 20:15

NVD link : CVE-2024-34404

Mitre link : CVE-2024-34404

CVE.ORG link : CVE-2024-34404

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

6.8 /10