Note:
This project will be discontinued after December 13, 2021. [more]
Product:
System_recovery
(Veritas)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-06 | CVE-2020-36160 | An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service... | System_recovery | 8.8 | ||
| 2022-03-10 | CVE-2022-26778 | Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | System_recovery | 6.5 | ||
| 2022-09-23 | CVE-2022-41320 | Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | System_recovery | 6.5 | ||
| 2017-04-05 | CVE-2017-7444 | In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed. | System_recovery | 7.8 |