Vulnerabilities > CVE-2022-41320 - Insecure Storage of Sensitive Information vulnerability in Veritas System Recovery

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

veritas

CWE-922

NVD

Published: 2022-09-23

Updated: 2022-09-26

Summary

Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could provide a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.

Vulnerable Configurations

Part	Description	Count
Application	Veritas Veritas System Recovery 18.0 Veritas System Recovery 18.0.1 Veritas System Recovery 18.0.2 Veritas System Recovery 18.0.3 Veritas System Recovery 18.0.4 Veritas System Recovery 21	6

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.veritas.com/content/support/en_US/security/VTS21-002