Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable JSON-RPC SQLi with low complexity and no user interaction; PR:L for the nominal auth requirement (reported bypass arguably warrants PR:N), full C/I/A impact via code execution.
Primary rating from Vendor (trendmicro).
CVSS VectorVendor: trendmicro
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the processing of NVBUDashboard JSON-RPC messages. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-27626.
AnalysisAI
Remote code execution in Quest NetVault Backup arises through SQL injection in the NVBUDashboard component's JSON-RPC message handler, letting attackers run arbitrary code in the NETWORK SERVICE context. While the flaw nominally requires authentication, ZDI reports the product's authentication mechanism can be bypassed, materially lowering the access bar. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the NetVault Backup NVBUDashboard interface and the ability to submit JSON-RPC messages to it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H = 8.8) describes a network-reachable, low-complexity attack needing only low privileges and no user interaction, with full confidentiality, integrity and availability impact - a strong signal on its own. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the NVBUDashboard endpoint - leveraging the reported ability to bypass authentication - sends a crafted JSON-RPC message containing a malicious string that is injected into a backend SQL query. The injection is escalated to operating-system code execution running as NETWORK SERVICE, giving the attacker a foothold on the backup server. … |
| Remediation | Upgrade NetVault Backup to the fixed release indicated in the vendor release notes - the references point to NetVault 14.0.2 (https://support.quest.com/technical-documents/netvault/14.0.2/release-notes#TOPIC-2338529), so apply that build or later after confirming it against your installed version. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Scan networks to identify and inventory all Quest NetVault Backup deployments; assess internet exposure of admin interfaces and immediately restrict access to authorized personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Netvault Backup
View allDell Netvault Backup before 10.0.5 allows remote attackers to cause a denial of service (crash) via a crafted request. R
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backu
Remote code execution in Quest NetVault Backup allows authenticated remote attackers - who can bypass the product's exis
Remote code execution in Quest NetVault Backup arises from a SQL injection flaw in the handling of NVBULibrarySlot JSON-
SQL injection in Quest NetVault Backup's NVBULibraryPort JSON-RPC handler allows remote attackers to execute arbitrary c
SQL injection leading to remote code execution affects Quest NetVault Backup, where the NVBURemovableMedia component fai
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBUDeviceDrive JSON-RPC message handler
Remote code execution in Quest NetVault Backup arises from SQL injection in the NVBURASDevice JSON-RPC message handler,
SQL injection leading to remote code execution in Quest NetVault Backup allows attackers to run arbitrary code as the NE
Authentication bypass via cross-site scripting in Quest NetVault Backup's addclient3 webpage allows remote attackers to
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39147
GHSA-qhv7-8f66-468j