CVE-2024-53911

Name of the Vulnerable Software and Affected Versions Veritas Enterprise Vault versions prior to 15.2

Description An issue in the server allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This is related to shortcomings in the deserialization mechanism of the EVStgOfflineOpns service. The exploitation of this issue may allow a remote attacker to execute arbitrary code by sending specially crafted data.

Recommendations For versions prior to 15.2, upgrade to version 15.2 or later to mitigate the risk of system compromise. As a temporary workaround, consider restricting access to the .NET Remoting TCP port to minimize the risk of exploitation.