Summary

A security scan of the Veritas eDiscovery Platform PrizmDoc modules may return the following Common Vulnerabilities and Exposures (CVE) identifier:

CVE-2023-23918 - A privilege escalation vulnerability exists in Node.js <16.19.1 that made it possible to bypass the experimental Permissions feature in Node.js and access non authorized modules by using process.mainModule.require().

Resolution

There are no plans to address this issue by way of a patch or hotfix in the current or previous versions of the software at the present time. However, the issue is currently scheduled to be addressed in the v10.2.2 update of the product. Please note that Veritas Technologies LLC reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests.  Veritas’ plans are subject to change and any action taken by you based on the above information or your reliance upon the above information is made at your own risk.