Vulnerabilities found at Netbackup 8.3 on ports used by NetBackup (443, 1556, 8443)

NBU version – 8.3.01
VCS version – 7.4.1
VIOM version – 7.4.1

For the ports used by NetBackup (443, 1556, 8443) I see one remaining issue: “The subject common name (CN) field in the X.509 certificate does not match the name of the entity presenting the certificate.”using NetBackup Certificate Authority (NBCA).

All the mention port are just seen on the active node(443, 1556, 8443)

When a NetBackup master server is configured as an active-passive clustered application, the NetBackup services are accessed using a virtual hostname. The NetBackup master server services are active on only a single (active) cluster node at any given time. By design, the X.509 certificates that are created to support NetBackup services do not have the physical node names listed in them. This provides customers the flexibility to add or remove cluster nodes without any impact on the NetBackup services. 

Running security scanners against these services using a physical node name can result in messages such as “X.509 Certificate Subject CN Does Not Match the Entity Name”. 

It is recommended that customers use the virtual name of the master server when running security scans against NetBackup services to prevent these errors from showing up. If you must run a scan using the physical node name, you may safely ignore the “X.509 Certificate Subject CN Does Not Match the Entity Name” errors for NetBackup services after verifying that the NetBackup virtual name is mentioned in the certificate.