
CVSS: 9.3 EPSS: 0% CPEs: 2 EXPL: 0

06 Jan 2021 — An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:/ReleaseX64/ssl/openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. • https://www.veritas.com/content/support/en_US/security/VTS20-012 •

CVSS: 9.3 EPSS: 0% CPEs: 5 EXPL: 0

06 Jan 2021 — An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to :\usr\local\ssl\openssl.cnf, where

CVSS: 9.3 EPSS: 0% CPEs: 2 EXPL: 0

06 Jan 2021 — An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to :\usr\local\ssl\openssl.cnf. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL en... • https://www.kb.cert.org/vuls/id/429301 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.3 EPSS: 0% CPEs: 2 EXPL: 0

06 Jan 2021 — An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It leverages OpenSSL on Windows systems when using the Managed Host addon. On start-up, it loads the OpenSSL library. This library may attempt to load the openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. • https://www.veritas.com/content/support/en_US/security/VTS20-015 •

CVSS: 9.3 EPSS: 0% CPEs: 3 EXPL: 0

06 Jan 2021 — An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under the top level of any drive. If a low privileged user creates an affected path with a library that the Veritas product attempts to load, they can execute arbitrary code as SYSTEM or Administrator. This gives the attacke... • https://www.veritas.com/content/support/en_US/security/VTS20-016#Issue1 •

CVSS: 5.3 EPSS: 0% CPEs: 1 EXPL: 0

05 Jan 2021 — Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operational information on the backup processing status through a URL that did not require authentication. • https://www.veritas.com/content/support/en_US/security/VTS20-007 •

CVSS: 9.8 EPSS: 4% CPEs: 1 EXPL: 0

15 Oct 2020 — Veritas APTARE versions prior to 10.5 did not perform adequate authorization checks. This vulnerability could allow for remote code execution by an unauthenticated user. • https://www.veritas.com/content/support/en_US/security/VTS20-006#issue1 • CWE-863: Incorrect Authorization •

CVSS: 8.1 EPSS: 0% CPEs: 1 EXPL: 0

15 Oct 2020 — Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. • https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2 • CWE-294: Authentication Bypass by Capture-replay •

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 0

14 May 2020 — Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-287: Improper Authentication •

CVSS: 6.5 EPSS: 0% CPEs: 1 EXPL: 0

14 May 2020 — Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. • https://www.veritas.com/content/support/en_US/security/VTS20-003 • CWE-863: Incorrect Authorization •