CVE-2022-41320

Published: Sep 23, 2022Modified: May 27, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Affected (2)

Products: Veritas: System Recovery

1 product

System Recovery

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Veritas System Recovery	From 18.0 to 18.0.4.57090
Veritas System Recovery	From 21 to 21.0.3.62140

Related CWEs

Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

References (2)

https://www.veritas.com/content/support/en_US/security/VTS21-002

Source: cve@mitre.org

Vendor Advisory

https://www.veritas.com/content/support/en_US/security/VTS21-002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.