CVE-2024-53913

Name of the Vulnerable Software and Affected Versions Veritas Enterprise Vault versions prior to 15.2

Description The issue allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. This is due to shortcomings in the deserialization mechanism of the EVStgOfflineOpns service in the Veritas Enterprise Vault platform for corporate information archiving.

Recommendations For versions prior to 15.2, update to version 15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the .NET Remoting TCP port to minimize the risk of exploitation.