CVE-2020-27157

HIGH

Veritas APTARE <10.5 - Auth Bypass

Title source: llm

Description

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.

References (1)

[Vendor Advisory] https://www.veritas.com/content/support/en_US/security/VTS20-006#issue2

Scores

CVSS v3 8.1

EPSS 0.0093

EPSS Percentile 76.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (1)

veritas/aptare < 10.5

Published Oct 15, 2020

Tracked Since Feb 18, 2026