Cleartext Credential Vulnerability in Arctera/Veritas Data Insight by Veritas
CVE-2025-43704

4.7MEDIUM

Key Information:

Vendor: Veritas
Status: Data Insight
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability exists in Arctera/Veritas Data Insight before version 7.1.2, where the software transmits credentials in plaintext when configured with HTTP Basic Authentication to a Dell Isilon OneFS server. This exposure can lead to unauthorized access and data compromise, emphasizing the need for secure transmission practices.

Affected Version(s)

Data Insight 0 < 7.1.2

References

https://www.veritas.com/support/en_US/security/ARC25-006

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2025