Veritas Identifies Vulnerabilities in Enterprise Vault Software
Veritas warns of critical Remote Code Execution vulnerabilities in Enterprise Vault.

Veritas has identified multiple critical vulnerabilities in its Enterprise Vault software that could allow remote code execution through deserialization of untrusted data. The vulnerabilities, tracked as ZDI-CAN-24334 through ZDI-CAN-24405, affect all currently supported versions of Enterprise Vault. An attacker with Remote Desktop Protocol (RDP) access and knowledge of specific server details could exploit them if the server’s firewall is misconfigured. Veritas plans to address the issues in the upcoming Enterprise Vault 15.2 release, expected in Q3 2025. Until then, users are advised to restrict RDP access, ensure the firewall is properly configured, and apply the latest Windows updates to mitigate the risk.