skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Critical Vulnerabilities Disclosed in Veritas Enterprise Vault

/ 1 min read

Critical vulnerabilities in Veritas Enterprise Vault expose servers to remote code execution. Veritas Technologies disclosed multiple critical vulnerabilities in its Enterprise Vault software on November 15, 2024, with a CVSS v3.1 score of 9.8, indicating a high risk of exploitation. These vulnerabilities, affecting all supported versions from 15.1 to 14.0, stem from the deserialization of untrusted data in the .NET Remoting service, allowing attackers with Remote Desktop Protocol (RDP) access to execute malicious code remotely. Veritas has recommended several mitigation strategies, including restricting server access and ensuring proper firewall configurations, while a patch is expected in the third quarter of 2025. The vulnerabilities were reported by Trend Micro’s Zero-Day Initiative, emphasizing the need for robust security measures to protect organizational data.