Enterprise Vault
Approved changes feed: RSS · Atom
cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Veritas (cb1a4886-9e3d-5084-9dc0-dbd7648341f5) |
|---|---|
| Product | Enterprise Vault (2ccab8aa-f8ed-52b8-9910-1bb2e33dd989) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-53915 |
vulnerable | 2026-06-03 14:57:40.418097 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:01:50.007Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53914 |
vulnerable | 2026-06-03 14:57:40.417742 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:01:57.856Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53913 |
vulnerable | 2026-06-03 14:57:40.417383 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:02:07.290Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53912 |
vulnerable | 2026-06-03 14:57:40.416807 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:02:19.265Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53911 |
vulnerable | 2026-06-03 14:57:40.416467 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:02:28.584Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53910 |
vulnerable | 2026-06-03 14:57:40.416086 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:02:39.787Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-53909 |
vulnerable | 2026-06-03 14:57:40.415509 |
Details available
CRITICAL (9.8)
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Published: 2024-11-24T00:00:00.000Z
Updated: 2024-11-26T16:02:55.886Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52944 |
vulnerable | 2026-06-03 14:57:30.968893 |
Details available
MEDIUM (5.4)
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Published: 2024-11-18T00:00:00.000Z
Updated: 2024-11-19T15:49:04.266Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52943 |
vulnerable | 2026-06-03 14:57:30.968485 |
Details available
MEDIUM (5.4)
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Published: 2024-11-18T00:00:00.000Z
Updated: 2025-03-18T19:29:30.756Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52942 |
vulnerable | 2026-06-03 14:57:30.968070 |
Details available
MEDIUM (5.4)
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Published: 2024-11-18T00:00:00.000Z
Updated: 2024-11-18T15:51:21.931Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44682 |
vulnerable | 2026-06-03 14:45:36.722069 |
Details available
CRITICAL (9.8)
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).
Published: 2021-12-06T21:56:09.000Z
Updated: 2024-08-04T04:25:16.968Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44681 |
vulnerable | 2026-06-03 14:45:36.721742 |
Details available
CRITICAL (9.8)
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).
Published: 2021-12-06T21:56:17.000Z
Updated: 2024-08-04T04:25:16.871Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44680 |
vulnerable | 2026-06-03 14:45:36.721430 |
Details available
CRITICAL (9.8)
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).
Published: 2021-12-06T21:56:26.000Z
Updated: 2024-08-04T04:25:16.868Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44679 |
vulnerable | 2026-06-03 14:45:36.721101 |
Details available
CRITICAL (9.8)
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).
Published: 2021-12-06T21:56:39.000Z
Updated: 2024-08-04T04:25:16.862Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44678 |
vulnerable | 2026-06-03 14:45:36.720766 |
Details available
CRITICAL (9.8)
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).
Published: 2021-12-06T21:56:49.000Z
Updated: 2024-08-04T04:25:16.961Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-44677 |
vulnerable | 2026-06-03 14:45:36.720338 |
Details available
CRITICAL (9.8)
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).
Published: 2021-12-06T21:56:58.000Z
Updated: 2024-08-04T04:25:16.885Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36164 |
vulnerable | 2026-06-03 14:42:33.108840 |
Details available
CRITICAL (9.3)
An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System drive (typically C:\) and the product's installation drive (typically not C:\): \Isode\etc\ssl\openssl.cnf (on SMTP Server) or \user\ssl\openssl.cnf (on other affected components). By default, on Windows systems, users can create directories under C:\. A low privileged user can create a openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc. This vulnerability only affects a server with MTP Server, SMTP Archiving IMAP Server, IMAP Archiving, Vault Cloud Adapter, NetApp File server, or File System Archiving for NetApp as File Server.
Published: 2021-01-06T00:52:05.000Z
Updated: 2024-08-04T17:23:09.477Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.