Lucene search
+L
VeritasSystem Recovery

4 matches found

CVE
CVE
added 2022/03/09 6:53 a.m.104 views

CVE-2022-26778

CVE-2022-26778 affects Veritas System Recovery (VSR) 18 and 21. The issue arises from storing a network destination password in the Windows registry during backup configuration, enabling a Windows user with sufficient privileges to access a network file system to which they were not authorized. P...

6.5CVSS6.5AI score0.00433EPSS
CVE
CVE
added 2021/01/06 12:53 a.m.89 views

CVE-2020-36160

Veritas System Recovery (pre-21.2) loads the OpenSSL library from \usr\local\ssl at startup and attempts to read \usr\local\ssl\openssl.cnf, which does not exist. A low-privilege user can create C:\usr\local\ssl\openssl.cnf to load a malicious OpenSSL engine, enabling arbitrary code execution as ...

9.3CVSS8.6AI score0.00431EPSS
CVE
CVE
added 2022/09/23 4:34 a.m.63 views

CVE-2022-41320

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during backup configuration. This enables a Windows user with sufficient privileges to access a network file system they are not authorized to access. Root cause is the insecure storage l...

6.5CVSS6.4AI score0.00556EPSS
CVE
CVE
added 2017/04/05 8:0 p.m.48 views

CVE-2017-7444

Veritas System Recovery prior to 16 SP1 is affected by a DLL hijacking vulnerability in the patch installer. An attacker with write access to the execution directory could trigger local code execution during installation. The issue is confirmed as a local code execution vulnerability; remediation...

9.3CVSS7.5AI score0.01059EPSS