
CVE-2025-43704
https://notcve.org/view.php?id=CVE-2025-43704
16 Apr 2025 — Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. • https://www.veritas.com/support/en_US/security/ARC25-006 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-46542
https://notcve.org/view.php?id=CVE-2024-46542
30 Dec 2024 — Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. • https://github.com/MarioTesoro/CVE-2024-46542 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-52942 – Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-52942
18 Nov 2024 — An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User intera... • https://www.veritas.com/support/en_US/security/VTS24-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52943 – Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-52943
18 Nov 2024 — An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User intera... • https://www.veritas.com/support/en_US/security/VTS24-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52944 – Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2024-52944
18 Nov 2024 — An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction ... • https://www.veritas.com/support/en_US/security/VTS24-013 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-52945
https://notcve.org/view.php?id=CVE-2024-52945
18 Nov 2024 — An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. • https://www.veritas.com/content/support/en_US/security/VTS24-012 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-35204
https://notcve.org/view.php?id=CVE-2024-35204
13 May 2024 — Veritas System Recovery before 23.2_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. • https://www.veritas.com/support/en_US/security/VTS24-005 • CWE-272: Least Privilege Violation •

CVE-2024-33673
https://notcve.org/view.php?id=CVE-2024-33673
26 Apr 2024 — An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. • https://www.veritas.com/support/en_US/security/VTS24-002#H2 • CWE-284: Improper Access Control •

CVE-2024-33672
https://notcve.org/view.php?id=CVE-2024-33672
26 Apr 2024 — An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. • https://www.veritas.com/support/en_US/security/VTS24-001 • CWE-427: Uncontrolled Search Path Element •

CVE-2024-33671
https://notcve.org/view.php?id=CVE-2024-33671
26 Apr 2024 — An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. • https://www.veritas.com/support/en_US/security/VTS24-002#H1 • CWE-73: External Control of File Name or Path •