Vulnerabilities > CVE-2024-52942 - Unspecified vulnerability in Veritas Enterprise Vault

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

veritas

NVD

Published: 2024-11-18

Updated: 2025-04-30

Summary

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.

Vulnerable Configurations

Part	Description	Count
Application	Veritas Veritas Enterprise Vault - Veritas Enterprise Vault 12.0 Veritas Enterprise Vault 12.0.1 Veritas Enterprise Vault 12.0.2 Veritas Enterprise Vault 12.0.3 Veritas Enterprise Vault 12.0.4 Veritas Enterprise Vault 12.1 Veritas Enterprise Vault 12.1.1 Veritas Enterprise Vault 12.1.2 Veritas Enterprise Vault 12.1.3 Veritas Enterprise Vault 12.2 Veritas Enterprise Vault 12.2.1 Veritas Enterprise Vault 12.2.2 Veritas Enterprise Vault 12.2.3 Veritas Enterprise Vault 12.3 Veritas Enterprise Vault 12.3.1 Veritas Enterprise Vault 12.3.2 Veritas Enterprise Vault 12.4 Veritas Enterprise Vault 12.4.1 Veritas Enterprise Vault 12.4.2 Veritas Enterprise Vault 12.5 Veritas Enterprise Vault 12.5.1 Veritas Enterprise Vault 12.5.2 Veritas Enterprise Vault 14.0 Veritas Enterprise Vault 14.0.1 Veritas Enterprise Vault 14.1 Veritas Enterprise Vault 14.1.1 Veritas Enterprise Vault 14.1.2 Veritas Enterprise Vault 14.1.3 Veritas Enterprise Vault 14.2 Veritas Enterprise Vault 14.2.1 Veritas Enterprise Vault 14.2.2 Veritas Enterprise Vault 14.2.3 Veritas Enterprise Vault 14.3 Veritas Enterprise Vault 14.3.1 Veritas Enterprise Vault 14.3.2 Veritas Enterprise Vault 14.4 Veritas Enterprise Vault 14.4.1 Veritas Enterprise Vault 14.4.2 Veritas Enterprise Vault 14.5 Veritas Enterprise Vault 14.5.1 Veritas Enterprise Vault 15.0 Veritas Enterprise Vault 15.0.1 Veritas Enterprise Vault 15.0.2	44

References

https://www.veritas.com/support/en_US/security/VTS24-013