In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

**Remedial Actions**

To address all the vulnerabilities listed below, upgrade to version 8.3.0.2, 9.0.0.1, 9.1.0.1, or 10.0 and apply the appropriate HotFix linked above.

**Issue**

**Issue #1: Unauthorized account creation, modification**

Under specific conditions an authenticated remote attacker may be able to create or modify accounts.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.9 (/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended actions:
    *   Review OpsCenter user accounts to ensure this vulnerability has not been exploited in your OpsCenter implementation. Use these instructions to view the OpsCenter user account information.
    *   Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #2: Remote command execution.**

An unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 9.1.0.1 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix as needed.

**Issue #3: Remote command execution.**

An unauthenticated remote attacker may be able to perform a remote command execution through a Java classloader manipulation.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #4: Path Traversal vulnerability**

NetBackup OpsCenter may be vulnerable to a Path Traversal attack via esapi-2.2.3.1 third party component.

*   CVE ID: CVE-2022-23457
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the HotFix.

**Issue #5: Local privilege escalation**

An attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges.

*   CVE ID: To Be Assigned
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.3 (/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Issue #6: Hard coded credentials vulnerability**

A hard-coded credential was discovered in NetBackup OpsCenter that could be used to exploit the underlying VxSS subsystem

*   CVE ID: TBA
*   Severity: High
*   CVSS v3.1 Base Score: 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #7: DOM XSS vulnerability**

NetBackup OpsCenter is vulnerable to a DOM XSS attack.

*   CVE ID: TBA
*   Severity: Medium
*   CVSS v3.1 Base Score: 5.4 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
*   Affected Versions: 10.0 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0 and apply the appropriate HotFix.

**Issue #8: Information leakage**

Certain OpsCenter endpoints could allow an unauthenticated remote attacker to gain sensitive information.

*   CVE ID: To Be Assigned
*   Severity: Medium
*   CVSS v3.1 Base Score: 4.3 (/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
*   Affected Versions: 8.2 and earlier
*   Recommended action: Upgrade to 8.3.0.2 or 9.0.0.1, or 9.1.0.1, or 10.0.

**Acknowledgement**

Veritas would like to thank the following Airbus Security Team members for notifying us about several of the issues in this advisory: Mouad Abouhali, Benoit Camredon, Nicholas Devillers, Anais Gantet, and Jean-Romain Garnier.

**Disclaimer**

AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC  
2625 Augustine Drive  
Santa Clara, CA 95054

CVE-2022-36954: HotFix for Security Advisory Impacting NetBackup OpsCenter

In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.

CVE-2022-36953: HotFix for Security Advisory Impacting NetBackup OpsCenter

Red Hat Security Advisory 2022-5641-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2022:5641-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5641  
Issue date:        2022-07-19  
CVE Names:         CVE-2022-32250  
====================================================================  
1. Summary:

An update is now available for Red Hat Enterprise Linux 8.4 Extended Update  
Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: a use-after-free write in the netfilter subsystem can lead to  
privilege escalation to root (CVE-2022-32250)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:  
kpatch-patch-4_18_0-305_10_2-1-11.el8_4.src.rpm  
kpatch-patch-4_18_0-305_12_1-1-10.el8_4.src.rpm  
kpatch-patch-4_18_0-305_17_1-1-9.el8_4.src.rpm  
kpatch-patch-4_18_0-305_19_1-1-9.el8_4.src.rpm  
kpatch-patch-4_18_0-305_25_1-1-8.el8_4.src.rpm  
kpatch-patch-4_18_0-305_30_1-1-6.el8_4.src.rpm  
kpatch-patch-4_18_0-305_34_2-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_40_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_40_2-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_45_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_49_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_10_2-1-11.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_10_2-debuginfo-1-11.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_10_2-debugsource-1-11.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_12_1-1-10.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_12_1-debuginfo-1-10.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_12_1-debugsource-1-10.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_17_1-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_17_1-debuginfo-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_17_1-debugsource-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_19_1-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_19_1-debuginfo-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_19_1-debugsource-1-9.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_25_1-1-8.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_25_1-debuginfo-1-8.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_25_1-debugsource-1-8.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_30_1-1-6.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_30_1-debuginfo-1-6.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_30_1-debugsource-1-6.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_34_2-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_34_2-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_34_2-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_2-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_2-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_40_2-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_45_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_45_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_45_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_49_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_49_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_49_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_10_2-1-11.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_10_2-debuginfo-1-11.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_10_2-debugsource-1-11.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_12_1-1-10.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_12_1-debuginfo-1-10.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_12_1-debugsource-1-10.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_17_1-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_17_1-debuginfo-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_17_1-debugsource-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_19_1-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_19_1-debuginfo-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_19_1-debugsource-1-9.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_25_1-1-8.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_25_1-debuginfo-1-8.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_25_1-debugsource-1-8.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_30_1-1-6.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_30_1-debuginfo-1-6.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_30_1-debugsource-1-6.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_34_2-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_34_2-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_34_2-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_2-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_2-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_40_2-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_45_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_45_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_45_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_49_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_49_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_49_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32250  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj49zjgjWX9erEAQhzbg//YQVpllplt9m8RinEY3mL5oG1mDLt4rat  
rKLhkymEbHaox+OoT9KotX+Op7GK+xvlT8j8vFKaV/GNtxATJ2Y0zLEgSnMXGNIQ  
B0tDXn0QOkubEpsl1e02Zer0GSQVj3mCs4C3jm9itJkknq+bqVQpgKvkfPDM9l6R  
qTsCSIx1pSVwE97cMwXU0Lm6IrAZHu4zseR1mubomBMtqtuOK41sQJHed8QlkoiX  
ATSNO5C40IRJvQqnDJjE0LJ/3CehjyaMQJrwYiTsF48wrwUC400GDiMD0xnIjFnu  
8pO6mvfc1omp4ITK8pfFTUI4EHWSRSSgwTz1J4CK+8XD3cDuv7psB2b27jx+61pM  
9M+DjUTq7QGKj7IrBeo5pqtZCEDolz6SNC/hHxoV0s/szcfKf4MmrrTqKF/Cz0pG  
d6y83iW2olwmCsYqh1oIRcBBwVCwzzht5trpXRC3yag6B3/mIuJ0MHE26z3H+5GK  
BdLpwZkmBDPmsv7oc4Yl6PAwYLLXfa+qY1bnFEH1LCVXsS4cheDlEkahO5WSKdGp  
aruGRWwa/TvAlcfvMxh5Zw+kj2sZO+HZ5OhigHTUGMhWb6mhthd5PHElh4daaofa  
jwMOtjsoTRSb0dNjDCHypeIqqHOBTqX0qw+H+e6imRi9HT5xVDTXGq3mjD544bmt  
wF08BCh2kKE=IqpZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5641-01

Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of July 27, 2022 and is not available for download. This closure is temporary, pending a full review.

If you can not write in code, this plugin does not help you!

I was using the plain bxslider script on my site. When I wrote my blog in wordpress, I tried various plugins, but none exposes all the options of bxslider like this plugin. The pro version is worth it. Nico, the plugin author help me set up my site in no time.

Pretty much 90% of functionality is locked to premium version which author "forgot" to mention.

i know this is simple but not working for me..pls help me

Read all 8 reviews

“BxSlider WP” is open source software. The following people have contributed to this plugin.

Contributors

*    kosinix

CVE-2022-33943: BxSlider WP

Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents.

CVE-2022-36892: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_858fd6b_f48 and earlier allows attackers with Overall/Read permission to obtain credentials stored in Vault with attacker-specified path and keys.

CVE-2022-36888: Jenkins Security Advisory 2022-07-27

A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2022-36903: Jenkins Security Advisory 2022-07-27

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit.

CVE-2022-36882: Jenkins Security Advisory 2022-07-27

An arbitrary file write vulnerability in Jenkins CLIF Performance Testing Plugin 64.vc0d66de1dfb_f and earlier allows attackers with Overall/Read permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

CVE-2022-36894: Jenkins Security Advisory 2022-07-27

Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties.

Tag

#xss