4 matches found
CVE-2022-26778
CVE-2022-26778 affects Veritas System Recovery (VSR) 18 and 21. The issue arises from storing a network destination password in the Windows registry during backup configuration, enabling a Windows user with sufficient privileges to access a network file system to which they were not authorized. P...
CVE-2020-36160
Veritas System Recovery (pre-21.2) loads the OpenSSL library from \usr\local\ssl at startup and attempts to read \usr\local\ssl\openssl.cnf, which does not exist. A low-privilege user can create C:\usr\local\ssl\openssl.cnf to load a malicious OpenSSL engine, enabling arbitrary code execution as ...
CVE-2022-41320
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during backup configuration. This enables a Windows user with sufficient privileges to access a network file system they are not authorized to access. Root cause is the insecure storage l...
CVE-2017-7444
Veritas System Recovery prior to 16 SP1 is affected by a DLL hijacking vulnerability in the patch installer. An attacker with write access to the execution directory could trigger local code execution during installation. The issue is confirmed as a local code execution vulnerability; remediation...