PT-2021-24146 · Veritas · Veritas Enterprise Vault

Markus Wulftange +1 · Published 2021-12-06 · Updated 2022-03-10 · CVE-2021-44677

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions through 14.1.2
Description: The issue arises from the deserialization behavior inherent to the .NET Remoting service, which is used by several services that the Enterprise Vault application starts on start-up. These services listen on random .NET Remoting TCP ports for commands from client applications and can be exploited by a malicious attacker. Both the TCP remoting services and the local IPC services on the Enterprise Vault server are vulnerable to exploitation. The vulnerability can be mitigated by properly configuring the servers and firewall as described in the vendor's security alert.
Recommendations: For Veritas Enterprise Vault versions through 14.1.2, properly configure the servers and firewall as described in the vendor's security alert to mitigate the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2021-44677
ZDI-21-1592

Affected Products

Veritas Enterprise Vault