System Recovery
Approved changes feed: RSS · Atom
cpe:2.3:a:veritas:system_recovery:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Veritas (cb1a4886-9e3d-5084-9dc0-dbd7648341f5) |
|---|---|
| Product | System Recovery (ecc15b41-0662-5eda-8bd0-d150f69f927f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-35204 |
vulnerable | 2026-06-03 14:55:55.689550 |
Details available
Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.
Published: 2024-05-13T00:00:00.000Z
Updated: 2024-10-01T19:07:38.359Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-41320 |
vulnerable | 2026-06-03 14:48:05.313734 |
Details available
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
Published: 2022-09-23T04:34:45.000Z
Updated: 2025-05-27T14:50:41.275Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36160 |
vulnerable | 2026-06-03 14:42:33.087859 |
Details available
CRITICAL (9.3)
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.
Published: 2021-01-06T00:53:08.000Z
Updated: 2024-08-04T17:23:09.268Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.