CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41319
https://notcve.org/view.php?id=CVE-2022-41319
A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado afecta a la página de inicio de sesión de la aplicación Veritas Desktop Laptop Option (DLO) (también conocida como el URI DLOServer/restore/login.jsp). Esto afecta a las versiones anteriores a 9.8 (por ejemplo, de la 9.1 a la 9.7). • https://www.veritas.com/content/support/en_US/security/VTS22-014 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36165
https://notcve.org/view.php?id=CVE-2020-36165
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. • https://www.veritas.com/content/support/en_US/security/VTS20-012 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-36159
https://notcve.org/view.php?id=CVE-2020-36159
Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. Veritas Desktop and Laptop Option (DLO) versiones anteriores a 9.5 revelaba información operativa sobre el estado del procesamiento de la copia de seguridad por medio de una URL que no requería autenticación • https://www.veritas.com/content/support/en_US/security/VTS20-007 •