Key Information

Vulnerability Description

Vulnerability Type: Privilege Escalation Vulnerability
Affected Components: NetBackup client, master server, and media server components
Affected Versions: 10.4.0.1, 10.4, 10.3.0.1, 10.3, 10.2.0.1, 10.2, 10.1.1, 10.1, 10.0.0.1, and 10.0
Severity: High
CVSS v3.1 Base Score: 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CWE ID: 427 - Uncontrolled Search Path Element

Recommended Actions

1. Upgrade to NetBackup version 10.5 or later.
2. Upgrade to NetBackup version 10.4.0.1 and apply the patch from the download center.
3. Upgrade to NetBackup version 10.3.0.1 and apply the patch from the download center.

Alternative Mitigation Measures

1. Create a directory named "bin" under the root drive of the NetBackup installation. If the directory already exists, proceed to step 2.
2. Restrict access to this newly created directory to administrators only.

Contact Technical Support

For any questions or issues related to these vulnerabilities, contact Veritas Technical Support.

Disclaimer

This security bulletin is provided "as is" without any express or implied warranties, including but not limited to any implied warranties of merchantability, fitness for a particular purpose, or non-infringement. Veritas Technologies LLC shall not be liable for any incidental or consequential damages arising from the provision, use, or reliance on this document. Information in this document may be changed at any time without notice.

Company Information

Veritas Technologies LLC
Address: 2625 Augustine Drive, Santa Clara, CA 95054
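
The two steps under Alternative Mitigation Measures can be scripted as below. This is an added example, not code from the bulletin or from Veritas. It assumes a Windows host, an elevated PowerShell session, and that the hypothetical `-Drive` parameter names the drive NetBackup is installed on.

```powershell
# Added example (not vendor code): apply the bulletin's alternative mitigation.
# Assumptions: Windows host, elevated session, -Drive is the NetBackup install drive.
param([string]$Drive = 'C:')

$binPath = "$Drive\bin"
# BUILTIN\Administrators by well-known SID, so localized group names do not matter.
$admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

# Step 1: create the directory unless it already exists.
if (-not (Test-Path -LiteralPath $binPath -PathType Container)) {
    New-Item -ItemType Directory -Path $binPath | Out-Null
}

# Step 2: restrict access to administrators only.
$acl = Get-Acl -LiteralPath $binPath
$acl.SetAccessRuleProtection($true, $false)   # stop inheriting, discard inherited ACEs
$acl.SetOwner($admins)                        # a non-admin owner could rewrite the DACL
foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $acl.RemoveAccessRuleSpecific($ace)       # drop pre-existing explicit ACEs
}
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    $admins, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $binPath -AclObject $acl

# Verify: read the ACL back and flag any entry that is not for Administrators.
$sidType = [System.Security.Principal.SecurityIdentifier]
$unexpected = @((Get-Acl -LiteralPath $binPath).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -ne $admins.Value })
if ($unexpected.Count -gt 0) {
    $unexpected | Format-Table IdentityReference, FileSystemRights, AccessControlType
    Write-Warning "$binPath still grants access to non-administrator identities."
} else {
    Write-Output "$binPath is restricted to BUILTIN\Administrators."
}

# If the directory already existed, list its contents so they can be reviewed.
$existing = @(Get-ChildItem -LiteralPath $binPath -Force)
if ($existing.Count -gt 0) {
    Write-Warning "$binPath is not empty; review these items:"
    $existing | Select-Object FullName, LastWriteTime
}
```

Files already present in the directory keep any explicit permissions of their own, which is why the script lists them for review rather than assuming the new ACL covers them.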