eDiscovery Platform Cleartext Password on Command Line Vulnerability

Revision History

• 1.0: April 14, 2025: Initial version

Description

A vulnerability was discovered in the Arctera eDiscovery Platform version 10.3.1 and prior due to execution of the EVSearcher bat file where the password is passed in plain text to the command line.  This vulnerability only impacts implementations where the eDiscovery Platform is configured to collect from the Arctera Enterprise Vault application. In these configurations the Arctera Enterprise Vault credentials may be exposed to tools capturing system activity if they are installed on the eDiscovery Platform server.

Issue 

CVE ID: To be announced

Severity: MEDIUM

CVSS v3.1 Base Score 6.0 (AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

CWE-319: Cleartext Transmission of Sensitive Information

Prerequisites

This vulnerability only impacts customers who are using or have configured the Enterprise Vault Collection Module. This can be verified by checking if the EsaEvCrawler Service and EsaEvRetriever Service is installed.

Exploiting this vulnerability further requires that the Sysmon or Process Monitor (ProcMon) tools be installed on the eDiscovery Platform Windows server, and the attacker is logged in with administrator privileges to view the respective logs on that server.

Affected Versions

Arctera/Veritas eDiscovery Platform versions: 10.3.1, 10.3, 10.2.7, 10.2.6, 10.2.5, 10.2.4, 10.2.3, 10.2.2, 10.2.1, 10.2. Earlier unsupported versions may be affected as well.

Remediation

Customers under a current maintenance contract should upgrade to Arctera eDiscovery Platform version 10.3.2 available here:

• https://www.veritas.com/support/en_US/downloads/update.UPD235828

See the Download Center for all available updates: https://www.veritas.com/support/en_US/downloads

Questions

For questions or problems regarding these vulnerabilities please contact Arctera Technical Support (https://www.arctera.io/support)

Disclaimer

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.  Arctera US LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION.  THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Arctera US LLC
6200 Stoneridge Mall Road, Suite 150
Pleasanton, CA 94588