Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2025-05-27 | N/A | 6.5 MEDIUM |
|
Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
|
|||||
| CVE-2017-7444 | 1 Veritas | 1 System Recovery | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.
|
|||||
| CVE-2022-26778 | 1 Veritas | 1 System Recovery | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
|
|||||
| CVE-2020-36160 | 2 Microsoft, Veritas | 2 Windows, System Recovery | 2024-11-21 | 7.2 HIGH | 9.3 CRITICAL |
|
An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. T ...
Show More |
|||||