Aggregates CVE and security vulnerability intelligence across all Veritas-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk xxe, and vendor risk csrf and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-44925 | Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge. | [email protected] | 8.8 | 0.00% | 2026-05-20 | 2026-05-21 |
| CVE-2026-44924 | InfoScale VIOM 9.1.3 allows XSS. | [email protected] | 5.4 | 0.01% | 2026-05-20 | 2026-05-21 |
| CVE-2026-44923 | SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges. | [email protected] | 6.5 | 0.01% | 2026-05-20 | 2026-05-21 |
| CVE-2024-53915 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53914 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53913 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53912 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53911 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53910 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-53909 | An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | [email protected] | 9.8 | 3.95% | 2024-11-24 | 2024-11-29 |
| CVE-2024-52945 | An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. | [email protected] | 7.8 | 0.19% | 2024-11-18 | 2025-04-30 |
| CVE-2024-52944 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 0.48% | 2024-11-18 | 2025-04-30 |
| CVE-2024-52943 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 0.44% | 2024-11-18 | 2025-04-30 |
| CVE-2024-52942 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 5.4 | 0.30% | 2024-11-18 | 2025-04-30 |
| CVE-2024-47854 | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. | [email protected] | 6.1 | 4.09% | 2024-10-04 | 2025-10-17 |
| CVE-2024-33673 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. | [email protected] | 7.8 | 0.05% | 2024-04-26 | 2025-06-30 |
| CVE-2024-33672 | An issue was discovered in Veritas NetBackup before 10.4. The Multi-Threaded Agent used in NetBackup can be leveraged to perform arbitrary file deletion on protected files. | [email protected] | 7.7 | 0.04% | 2024-04-26 | 2025-06-10 |
| CVE-2024-33671 | An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. | [email protected] | 7.7 | 0.08% | 2024-04-26 | 2025-06-30 |
| CVE-2024-28222 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file. | [email protected] | 9.8 | 1.41% | 2024-03-07 | 2025-01-21 |
| CVE-2024-27283 | A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. | [email protected] | 7.2 | 0.38% | 2024-02-22 | 2025-05-06 |