Problem
Is Enterprise Vault (EV) affected by the Telerik vulnerability in the RadAsyncUpload function?
Error Message
The vulnerability report states the following:
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
Cause
The vulnerability is in the RadAsyncUpload function of Progress Telerik UI for ASP.NET AJAX.
Solution
None of the following products uses any version of the RadAsyncUpload function in its codebase, so none of them is affected by this vulnerability:
- Enterprise Vault Compliance Accelerator / Veritas Advanced Supervision
- Enterprise Vault Discovery Accelerator
- Enterprise Vault for Lotus Domino
- Enterprise Vault for File System Archiving
- Enterprise Vault for Microsoft Exchange
- Enterprise Vault for Microsoft SharePoint
- Enterprise Vault for SMTP