An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
References
Link | Resource |
---|---|
https://www.veritas.com/content/support/en_US/security/VTS24-014 | Vendor Advisory |
Configurations
History
29 Nov 2024, 20:54
Type | Values Removed | Values Added |
---|---|---|
First Time |
Veritas
Veritas enterprise Vault |
|
CPE | cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:* | |
References | () https://www.veritas.com/content/support/en_US/security/VTS24-014 - Vendor Advisory |
26 Nov 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-24 21:15
Updated : 2024-11-29 20:54
NVD link : CVE-2024-53910
Mitre link : CVE-2024-53910
CVE.ORG link : CVE-2024-53910
JSON object : View
Products Affected
veritas
- enterprise_vault
CWE
CWE-502
Deserialization of Untrusted Data