NetBackup - RabbitMQ Authentication Bypass Vulnerability

Picture of Palindrome Technologies Palindrome Technologies : Mar 14, 2025 4:43:46 PM

Vulnerability Disclosure CVE

NetBackup - RabbitMQ Authentication Bypass Vulnerability

The Palindrome Team discovered a vulnerability in Veritas NetBackup Snapshot Manager which allowed untrusted clients to interact with the RabbitMQ service.

The vulnerability was due to misconfiguration of the RabbitMQ service which caused improper validation of the client certificate. Exploiting this vulnerability impacts the confidentiality and integrity of messages controlling the backup and restore jobs and could result in the service becoming unavailable. This vulnerability impacts only the jobs controlling the backup and restore activities and does not allow access or deletion of the backup snapshot data itself. This vulnerability was confined by the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.

For additional information please see CVE ID: CVE-2023-40256

CVSS v3.1 Base Score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CWE: 295 - Improper Certificate Validation

Surveying Five years of Java Deserialization CVE’s

Palindrome Technologies : Oct 22, 2024 12:47:52 PM

The Java programming language has been one of the most popular programming languages for years. Starting in 2015, a flaw in a core function of the...

Article

Palindrome Technologies : Sep 30, 2024 4:24:52 PM

5G Reliability Security Research

Palindrome Technologies : Mar 14, 2025 12:42:11 PM

Pi (π) is more than just an irrational number; it is a fundamental constant in mathematics that has shaped numerous aspects of our world.

NetBackup - RabbitMQ Authentication Bypass Vulnerability

Surveying Five years of Java Deserialization CVE’s

Research on Heterogeneous Networks

Pi (π)