VTS22-017
Text4Shell Notification
Revision History
- 1.0: November 2, 2022 – Initial Response – Under Investigation
- 1.1: November 9, 2022 – Updated Response including product status
- 1.2: May 31, 2023 – First paragraph update
Veritas is aware of the updated critical vulnerability Spring4Shell CVE. (CVE-2022-42889) Our Engineering and Security teams have reviewed and determined Veritas products are not impacted by this vulnerability.
No action is required at this time.
Note: Apache Commons Text is a necessary component and should not be deleted or tampered with.
| Product | Uses Apache Commons Text? | Status |
|---|---|---|
| Access Appliance | Yes | Not Vulnerable |
| Backup Exec | No | Not Vulnerable |
| Data Insight | Yes | Not Vulnerable |
| Enterprise Vault | No | Not Vulnerable |
| eDiscovery Platform | No | Not Vulnerable |
| Enterprise Vault.Cloud | No | Not Vulnerable |
| Information Classifier | Yes | Not Vulnerable |
| Merge1 | No | Not Vulnerable |
| NetBackup | Yes | Not Vulnerable |
| NetBackup OpsCenter | No | Not Vulnerable |
| NetBackup SaaS Protection | Yes | Not Vulnerable |
| NetBackup IT Analytics | Yes | Not Vulnerable |
| NetBackup Appliance | Yes | Not Vulnerable |
| Flex Appliance | Yes | Not Vulnerable |
| NetBackup Flex Scale | Yes | Not Vulnerable |
| NetBackup Snaphot Manager | Yes | Not Vulnerable |
| NetBackup Resiliency Platform | Yes | Not Vulnerable |
| InfoScale | No | Not Vulnerable |
| NetInsights Console | No | Not Vulnerable |
| Desktop and Laptop Option | No | Not Vulnerable |
| System Recovery | No | Not Vulnerable |
| Recovery Vault | Yes | Not Vulnerable |
| Veritas Advanced Supervision | No | Not Vulnerable |
Disclaimer
THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.