Severity
Critical
Description
Security research has disclosed that there is a vulnerability that would allow a low privileged user on a Windows system to load malicious OpenSSL code.
Enterprise Vault versions 14.0, 12.5.2, 12.5.1, 12.5. 12.4.2. 12.4.1. 12.4, 12.3.2, 12.3.1, 12.3, 12.2.3, 12.2.2, 12.2.1, 12.2, 12.1.3, 12.1.2, 12.1.1, 12.1, 12.0.4, 12.0.3, 12.0.2, 12.0.1, 12.0. are affected. Earlier unsupported versions may be affected too.
This vulnerability only affects Enterprise Vault server if the following components are enabled:
- SMTP Server – SMTP Archiving
- IMAP Server – IMAP Archiving
- Vault Cloud Adapter
- NetApp File server – File System Archiving for NetApp as File Server.
The Enterprise Vault client applications are not impacted.
Veritas will communicate any new and updated information as soon as we discover and verify the information. Questions and comments are welcomed and should be directed to Veritas Support
Action Required
Please refer to the Master Advisory for more details on the security advisory and recommended action.
Further information see the Enterprise Vault Security Advisory.