Veritas 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk memory corruption、vendor risk xxe, and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact memory corruption and アプリケーションクラッシュ などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-44925 | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge. | [email protected] | 8.8 | 0.20% | 2026-05-20 | 2026-06-17 |
| CVE-2026-44924 | InfoScale VIOM 9.1.3 allows XSS. | [email protected] | 5.4 | 0.21% | 2026-05-20 | 2026-06-17 |
| CVE-2026-44923 | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | [email protected] | 6.5 | 0.31% | 2026-05-20 | 2026-06-17 |
| CVE-2020-37045 | Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges. | [email protected] | 8.5 | 0.15% | 2026-02-01 | 2026-06-16 |
| CVE-2025-43704 | Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentials when configured to use HTTP Basic Authentication to a Dell Isilon OneFS server. | [email protected] | 4.7 | 0.08% | 2025-04-16 | 2026-06-17 |
| CVE-2024-46542 | Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. | [email protected] | 6.5 | 0.56% | 2024-12-30 | 2026-06-17 |
| CVE-2024-53915 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53914 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53913 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53912 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53911 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53910 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-53909 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 0.91% | 2024-11-24 | 2026-06-17 |
| CVE-2024-52945 | An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. | [email protected] | 7.8 | 0.19% | 2024-11-18 | 2026-06-17 |
| CVE-2024-52944 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 0.34% | 2024-11-18 | 2026-06-17 |
| CVE-2024-52943 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 1.08% | 2024-11-18 | 2026-06-17 |
| CVE-2024-52942 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 0.30% | 2024-11-18 | 2026-06-17 |
| CVE-2024-47854 | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 6.1 | 0.66% | 2024-10-04 | 2026-06-17 |
| CVE-2024-33673 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | [email protected] | 7.8 | 0.16% | 2024-04-25 | 2026-06-17 |
| CVE-2024-33672 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | [email protected] | 7.7 | 0.17% | 2024-04-25 | 2026-06-17 |