Veritas Enterprise Vault
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Veritas Enterprise Vault.
By the Year
In 2026 there have been 0 vulnerabilities in Veritas Enterprise Vault. Enterprise Vault did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 11 | 8.48 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 6 | 9.80 |
It may take a day or so for new Enterprise Vault vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Veritas Enterprise Vault Security Vulnerabilities
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53909
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53910
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53913
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53915
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53914
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53912
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault Remote Code Execution via .NET Remoting Deserialization
CVE-2024-53911
9.8 - Critical
- November 24, 2024
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
Marshaling, Unmarshaling
Veritas Enterprise Vault <15.1 XSS via Auth Remote Param Injection
CVE-2024-52941
- November 18, 2024
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Veritas Enterprise Vault <15.1 XSS via Auth Remote HTTP Param Injection
CVE-2024-52942
5.4 - Medium
- November 18, 2024
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Veritas Enterprise Vault <15.1: Authenticated XSS via HTTP Param
CVE-2024-52943
5.4 - Medium
- November 18, 2024
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
Auth Remote XSS via Param Injection in Veritas Enterprise Vault <15.1
CVE-2024-52944
5.4 - Medium
- November 18, 2024
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44677
9.8 - Critical
- December 06, 2021
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).
Marshaling, Unmarshaling
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44678
9.8 - Critical
- December 06, 2021
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).
Marshaling, Unmarshaling
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44679
9.8 - Critical
- December 06, 2021
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).
Marshaling, Unmarshaling
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44680
9.8 - Critical
- December 06, 2021
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).
Marshaling, Unmarshaling
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44681
9.8 - Critical
- December 06, 2021
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).
Marshaling, Unmarshaling
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2
CVE-2021-44682
9.8 - Critical
- December 06, 2021
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Veritas Enterprise Vault or by Veritas? Click the Watch button to subscribe.
