Veritas Storage Foundation and High Availability 6.1

CPE Details

Veritas Storage Foundation and High Availability 6.1
veritas
storage_foundation_and_high_availability
6.1
2021-02-02
17h39 +00:00
2021-02-02
17h39 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:veritas:storage_foundation_and_high_availability:6.1:*:*:*:*:*:*:*

Informations

Vendor

veritas

Product

storage_foundation_and_high_availability

Version

6.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-36166 2021-01-05 23h51 +00:00 An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Windows, Storage Foundation through 6.1 on Windows, Storage Foundation HA through 6.1 on Windows, and InfoScale Operations Manager (aka VIOM) Windows Management Server 7.x through 7.4.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the \usr\local\ssl\openssl.cnf configuration file, which may not exist. On Windows systems, this path could translate to :\usr\local\ssl\openssl.cnf, where could be the default Windows installation drive such as C:\ or the drive where a Veritas product is installed. By default, on Windows systems, users can create directories under any top-level directory. A low privileged user can create a :\usr\local\ssl\openssl.cnf configuration file to load a malicious OpenSSL engine, resulting in arbitrary code execution as SYSTEM when the service starts. This gives the attacker administrator access on the system, allowing the attacker (by default) to access all data, access all installed applications, etc.
9.3
Critical