These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-44926 is a high-severity access-control weakness in InfoScale CmdServer before 7.4.2. The NVD entry assigns a CVSS 8.8 score and describes a network-reachable issue that can be triggered with low privileges and no user interaction, with potential high impact to confidentiality, integrity, and availability.
CVE-2026-44925 is a cross-site request forgery issue affecting InfoScale Operations Manager (VIOM). The public description says an attacker can trick a user with an active session into triggering unintended changes in the VIOM web application. Because the issue targets an administrative web interface and is rated CVSS 8.8 in the supplied record, it should be treated as a high-priority web-management exposure.
CVE-2026-44924 is a cross-site scripting issue affecting InfoScale VIOM 9.1.3. The NVD record lists CWE-79 and a CVSS 3.1 base score of 5.4 (Medium), with attack characteristics that require low privileges and user interaction. Vendor bulletin references are present in the source set, but the vendor attribution in the provided corpus is not fully resolved, so the safest reading is to treat the issue as a [truncated]
CVE-2026-44923 is a medium-severity SQL injection vulnerability affecting InfoScale VIOM before v9.1.3. According to the supplied NVD record, it is network-reachable, requires no user interaction, and can allow remote attackers to escalate privileges. The record is still marked "Awaiting Analysis" in NVD, and the official references point to vendor security bulletin material for InfoScale Operations Manag [truncated]
CVE-2021-27878 is a Veritas Backup Exec Agent command execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-04-07. CISA also marked it as having known ransomware campaign use. Because the available source material does not include version ranges or exploitation details, defenders should treat this as a high-priority patching item and follow Veritas remediation guid [truncated]
CVE-2021-27877 is a Veritas Backup Exec Agent improper authentication issue that CISA added to the Known Exploited Vulnerabilities (KEV) catalog on 2023-04-07. CISA also marks the vulnerability as having known ransomware campaign use. For defenders, the key takeaway is urgency: systems running the affected Backup Exec Agent should be prioritized for vendor-directed updates and validation.
CVE-2021-27876 is a Veritas Backup Exec Agent file access vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-04-07. CISA’s entry also marks known ransomware campaign use, which makes this a defensive priority for any environment running the affected agent. The supplied corpus does not include CVSS scoring or detailed impact analysis, so the safest interpretation is to tre [truncated]
CVE-2017-6409 is a critical network-reachable access-control flaw in Veritas NetBackup and NetBackup Appliance. The issue affects NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, where unauthenticated CORBA interfaces can permit inappropriate access. Because the CVSS vector is 9.8 (network, no privileges, no user interaction, high confidentiality/integrity/availability impact), this shou [truncated]
CVE-2017-6408 describes a local privilege-escalation race condition in Veritas NetBackup’s pbx_exchange component. According to the NVD record, a local user may be able to connect to a socket before permissions are secured, creating an opportunity to gain elevated access. The issue affects NetBackup 8.0 and earlier, and NetBackup Appliance 3.0 and earlier. Because the weakness is local and requires a race [truncated]
CVE-2017-6407 is a high-severity Veritas NetBackup issue disclosed on 2017-03-02. The CVE record states that affected versions include NetBackup before 7.7.2 and NetBackup Appliance before 2.7.2, and that privileged remote command execution can occur on the NetBackup Server and Client. NVD assigns the issue a CVSS v3.0 score of 8.8 (HIGH), reflecting severe confidentiality, integrity, and availability imp [truncated]
CVE-2017-6406 describes a privileged command execution flaw in Veritas NetBackup and NetBackup Appliance that can be triggered through whitelist directory escape using "../" substrings. The CVE was published on 2017-03-02 and is rated HIGH (CVSS 8.8). The official CVSS vector indicates local access, low privileges, no user interaction, and a changed scope impact with high confidentiality, integrity, and a [truncated]
Veritas NetBackup 8.0 and earlier, and NetBackup Appliance 3.0 and earlier, include hostname-based security that is open to DNS spoofing. In practice, that means an attacker who can influence DNS resolution may be able to undermine hostname trust and impact integrity-sensitive security decisions. Because the issue is network reachable and requires no privileges or user interaction, it should be treated as [truncated]
CVE-2017-6404 is a log-integrity issue in Veritas NetBackup and NetBackup Appliance. According to NVD and the vendor advisory reference, affected installations used world-writable log files, which can let a local user destroy or spoof log data. The issue is rated medium severity (CVSS 5.5) and maps to improper file permissions (CWE-276).
CVE-2017-6403 describes a critical hardcoded-credentials flaw in Veritas NetBackup Cloud Storage Service. NVD lists affected NetBackup versions before 8.0 and NetBackup Appliance versions before 3.0. Because the service uses a hardcoded username and password, an attacker who can reach the service may be able to authenticate without legitimate credentials and compromise backup-related systems and data.
CVE-2017-6402 is a Veritas NetBackup denial-of-service vulnerability affecting NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. The issue can impact server availability, which is especially important in backup infrastructure because disruption can delay or prevent recovery operations. NVD rates the issue CVSS 3.0 6.5 (medium) with network attack vector, low attack complexity, low privile [truncated]
CVE-2017-6401 is a local command-execution vulnerability in Veritas NetBackup and NetBackup Appliance. According to the NVD record, affected releases are NetBackup before 8.0 and NetBackup Appliance before 3.0, and the issue can lead to local arbitrary command execution when using bpcd and bpnbat.
CVE-2017-6400 describes a local command execution issue in Veritas NetBackup and NetBackup Appliance that can lead to privileged command execution on the affected system. NVD rates the flaw 8.8 (HIGH) with a local attack vector, low privileges required, no user interaction, and high impact to confidentiality, integrity, and availability. The published record dates to 2017-03-02. NVD’s affected CPE criteri [truncated]
CVE-2017-6399 affects Veritas NetBackup before 7.7.2 and NetBackup Appliance before 2.7.2. The issue is described as privileged remote command execution on NetBackup Server and Client, including cases on the server or a connected client. Because the CVSS vector in NVD indicates low-privilege, local access with changed scope and high impact, defenders should treat this as a serious post-authentication comp [truncated]