cbcvebase.

Veritas Enterprise Vault vulnerabilities

17 known vulnerabilities affecting veritas/enterprise_vault.

Total CVEs
17
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-53913P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53913 [CRITICAL] CWE-502 CVE-2024-53913: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53915P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53915 [CRITICAL] CWE-502 CVE-2024-53915: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53912P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53912 [CRITICAL] CWE-502 CVE-2024-53912: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53914P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53914 [CRITICAL] CWE-502 CVE-2024-53914: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53909P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53909 [CRITICAL] CWE-502 CVE-2024-53909: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53910P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53910 [CRITICAL] CWE-502 CVE-2024-53910: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2024-53911P2CRITICALCVSS 9.8fixed in 15.22024-11-24
CVE-2024-53911 [CRITICAL] CWE-502 CVE-2024-53911: An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It all An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
nvd
CVE-2021-44681P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44681 [CRITICAL] CWE-502 CVE-2021-44681: An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2021-44677P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44677 [CRITICAL] CWE-502 CVE-2021-44677: An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2021-44682P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44682 [CRITICAL] CWE-502 CVE-2021-44682: An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2021-44678P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44678 [CRITICAL] CWE-502 CVE-2021-44678: An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2021-44679P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44679 [CRITICAL] CWE-502 CVE-2021-44679: An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2021-44680P3CRITICALCVSS 9.8≤ 14.1.22021-12-06
CVE-2021-44680 [CRITICAL] CWE-502 CVE-2021-44680: An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterp An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting se
nvd
CVE-2020-36164P3HIGHCVSS 8.8≤ 14.02021-01-06
CVE-2020-36164 [HIGH] CVE-2020-36164: An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf
nvd
CVE-2024-52943P4MEDIUMCVSS 5.4fixed in 15.12024-11-18
CVE-2024-52943 [MEDIUM] CWE-79 CVE-2024-52943: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
nvd
CVE-2024-52944P4MEDIUMCVSS 5.4fixed in 15.12024-11-18
CVE-2024-52944 [MEDIUM] CWE-79 CVE-2024-52944: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
nvd
CVE-2024-52942P4MEDIUMCVSS 5.4fixed in 15.12024-11-18
CVE-2024-52942 [MEDIUM] CWE-79 CVE-2024-52942: An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
nvd
Veritas Enterprise Vault vulnerabilities | cvebase