Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Veritas Enterprise Vault 代码问题漏洞
Vulnerability Description
Veritas Enterprise Vault是美国Veritas公司的一款企业级文件保护、归档自动化软件。 Veritas Enterprise Vault 14.1.2 及之前版本中存在代码问题漏洞,Enterprise Vault 应用程序启动时会启动多个服务,这些服务在随机 .NET Remoting TCP 端口上侦听来自客户端应用程序的命令。由于 .NET Remoting 服务固有的反序列化行为,恶意攻击者可以利用 Enterprise Vault 服务器上的 TCP 远程服务和本地 IP
CVSS Information
N/A
Vulnerability Type
N/A