Severity
Critical
Description
Security research has disclosed that there is a vulnerability that would allow a low privileged user on a Windows system to load malicious OpenSSL code.
Enterprise Vault versions 14.0, 12.5.2, 12.5.1, 12.5. 12.4.2. 12.4.1. 12.4, 12.3.2, 12.3.1, 12.3, 12.2.3, 12.2.2, 12.2.1, 12.2, 12.1.3, 12.1.2, 12.1.1, 12.1, 12.0.4, 12.0.3, 12.0.2, 12.0.1, 12.0. are affected. Earlier unsupported versions may be affected too.
This vulnerability only affects Enterprise Vault server if the following components are enabled:
- SMTP Server – SMTP Archiving
- IMAP Server – IMAP Archiving
- Vault Cloud Adapter
- NetApp File server – File System Archiving for NetApp as File Server.
The Enterprise Vault client applications are not impacted.
Veritas will communicate any new and updated information as soon as we discover and verify the information. Questions and comments are welcomed and should be directed to Veritas Support
Action Required
Please refer to the Master Advisory for more details on the security advisory and recommended action.
Further information see the Enterprise Vault Security Advisory.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.