System Recovery

system_recovery

Vendor: Veritas • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-41320 1Veritas 1System Recovery May 27, 2025 Sep 23, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has suf...Show more Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.Show less
CVE-2022-26778 1Veritas 1System Recovery Nov 21, 2024 Mar 10, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to a...Show more Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.Show less
CVE-2020-36160 1Veritas 1System Recovery Nov 21, 2024 Jan 6, 2021 N/A· v4 8.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which d...Show more An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories under C:\. A low privileged user can create a C:\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data and installed applications, etc. If the system is also an Active Directory domain controller, then this can affect the entire domain.Show less
CVE-2017-7444 1Veritas 1System Recovery May 13, 2026 Apr 5, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.