October 12, 2018
Veritas has fixed a vulnerability in its Enterprise Vault.cloud service. This vulnerability could have allowed someone to access data they were not authorized to access.
TLS certificates were not properly verified when a user logged in to Enterprise Vault.cloud using single sign-on (SSO). This allowed an attacker internal to the customer organization to capture an SSO SAML payload. The attacker could then modify and replay the data to access any user’s account within the same organization and view that user’s archived messages.
- As mentioned in the Summary, this vulnerability has been fixed and the fix has been deployed.
- Veritas is not aware of any exploits of this vulnerability for malicious purposes.
If you have any questions about the information in this security advisory, please contact Veritas technical support.
THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Veritas Technologies LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043
© 2018 Veritas Technologies LLC. All rights reserved. Veritas, the Veritas Logo, and NetBackup are trademarks or registered trademarks of Veritas Technologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.