An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized.
https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/
https://www.veritas.com/content/support/en_US/security/VTS24-014