Untrusted Data Deserialization Vulnerability in Veritas Enterprise Vault Before 15.2
CVE-2024-53915

9.8CRITICAL

Key Information:

Vendor: Veritas
Status: Enterprise Vault
Vendor: CVE Published:; 24 November 2024

Summary

A vulnerability exists in Veritas Enterprise Vault, allowing remote attackers to execute arbitrary code through deserialization of untrusted data on a .NET Remoting TCP port. This issue affects versions prior to 15.2, highlighting a significant security risk for organizations utilizing the product. Proper safeguards and updates are essential to mitigate potential exploitation by malicious actors.

References

https://www.veritas.com/content/support/en_US/security/VT...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 24, 2024