Enterprise Vault (EV) Security Vulnerability in Windows Environments

Enterprise Vault (EV) Security Vulnerability in Windows Environments

Article: 100049189
Last Published: 2020-12-23
Ratings: 0 0
Product(s): Enterprise Vault

Severity

Critical

Description

Security research has disclosed that there is a vulnerability that would allow a low privileged user on a Windows system to load malicious OpenSSL code.

Enterprise Vault versions 14.0, 12.5.2, 12.5.1, 12.5. 12.4.2. 12.4.1. 12.4, 12.3.2, 12.3.1, 12.3, 12.2.3, 12.2.2, 12.2.1, 12.2, 12.1.3, 12.1.2, 12.1.1, 12.1, 12.0.4, 12.0.3, 12.0.2, 12.0.1, 12.0. are affected. Earlier unsupported versions may be affected too.

This vulnerability only affects Enterprise Vault server if the following components are enabled:

  • SMTP Server – SMTP Archiving
  • IMAP Server – IMAP Archiving
  • Vault Cloud Adapter
  • NetApp File server – File System Archiving for NetApp as File Server.

The Enterprise Vault client applications are not impacted.

Veritas will communicate any new and updated information as soon as we discover and verify the information.  Questions and comments are welcomed and should be directed to Veritas Support

Action Required

Please refer to the Master Advisory for more details on the security advisory and recommended action.

Further information see the Enterprise Vault Security Advisory.

Was this content helpful?