CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41320
https://notcve.org/view.php?id=CVE-2022-41320
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. Veritas System Recovery (VSR) versiones 18 y 21, almacenan una contraseña de destino de red en el registro de Windows durante la configuración de la copia de seguridad. Esta vulnerabilidad podría permitir a un usuario de Windows (con privilegios suficientes) acceder a un sistema de archivos de red al que no estaba autorizado a acceder. • https://www.veritas.com/content/support/en_US/security/VTS21-002 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26778
https://notcve.org/view.php?id=CVE-2022-26778
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. Veritas System Recovery (VSR) versiones 18 y 21, almacena una contraseña de destino de red en el registro de Windows durante la configuración de la copia de seguridad. Esto podría permitir a un usuario de Windows (que tenga privilegios suficientes) acceder a un sistema de archivos de red al que no estaba autorizado a acceder • https://www.veritas.com/content/support/en_US/security/VTS21-002 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2020-36160
https://notcve.org/view.php?id=CVE-2020-36160
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. • https://www.veritas.com/content/support/en_US/security/VTS20-017 •