Remote Code Execution Vulnerability in Veritas Enterprise Vault Before 15.2
CVE-2024-53914

9.8CRITICAL

Key Information:

Vendor: Veritas
Status: Enterprise Vault
Vendor: CVE Published:; 24 November 2024

Summary

A remote code execution vulnerability exists in Veritas Enterprise Vault versions prior to 15.2. This flaw arises from improper handling of untrusted data received through a .NET Remoting TCP port, allowing attackers to exploit the deserialization process. If successfully exploited, an attacker could execute arbitrary code on the affected server, potentially leading to unauthorized access and compromise of sensitive data. It is crucial for users of Veritas Enterprise Vault to apply necessary updates to mitigate this security risk.

References

https://www.veritas.com/content/support/en_US/security/VT...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 24, 2024