From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. **Vulnerability ID and Title**: - Vulnerability ID: VTS24-014 - Vulnerability Title: Remote Code Execution Vulnerabilities in Veritas Enterprise Vault 2. **Revision History**: - Version 1.0: November 15, 2024, Initial release 3. **Summary**: - Veritas has identified an issue where Veritas Enterprise Vault may allow remote code execution on vulnerable Enterprise Vault servers. 4. **Issue Description**: - Issue Description: Deserialization of Untrusted Data Remote Code Execution Vulnerability - Severity: Critical - CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 5. **Affected Versions**: - Affected Versions: All currently supported Enterprise Vault versions: 15.1, 15.0, 15.0.1, 15.0.2, 14.5, 14.5.1, 14.4, 14.4.1, 14.4.2, 14.3, 14.3.1, 14.3.2, 14.2, 14.2.3, 14.2.2, 14.2.1, 14.1.3, 14.1.2, 14.1.1, 14.1, 14.0.1, 14.0. 6. **Mitigation Measures**: - Ensure only EV administrators have access to Enterprise Vault servers. - Ensure only trusted users are part of the Remote Desktop Users group and have RDP access. - Ensure the Enterprise Vault server firewall is enabled and properly configured. - Ensure the latest Windows updates are installed on the Enterprise Vault server. 7. **Questions and Issues**: - For any questions or issues regarding these vulnerabilities, please contact Veritas Technical Support. 8. **Acknowledgments**: - Veritas thanks Sina Kheirkhah, in collaboration with Trend Micro’s Zero Day Initiative (ZDI), for reporting these vulnerabilities. 9. **Disclaimer**: - This security advisory is provided “AS IS” without any express or implied warranties, including but not limited to any implied warranties of merchantability or fitness for a particular purpose or non-infringement, except as required by applicable law. 10. **Contact Information**: - Veritas Technologies LLC - Address: 2625 Augustine Drive - Address: Santa Clara, CA 95054 This information provides detailed descriptions of the vulnerability, affected scope, mitigation measures, and contact details.