Vulnerabilities (CVE)

Filtered by vendor Arcserve Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-42000 1 Arcserve 1 Udp 2024-11-21 N/A 9.8 CRITICAL
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
CVE-2023-41999 1 Arcserve 1 Udp 2024-11-21 N/A 9.8 CRITICAL
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
CVE-2023-41998 1 Arcserve 1 Udp 2024-11-21 N/A 9.8 CRITICAL
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
CVE-2023-26258 1 Arcserve 1 Udp 2024-11-21 N/A 9.8 CRITICAL
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
CVE-2020-27858 1 Arcserve 1 D2d 2024-11-21 5.0 MEDIUM 7.5 HIGH
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103.
CVE-2018-18660 1 Arcserve 1 Udp 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
CVE-2018-18659 1 Arcserve 1 Udp 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
CVE-2018-18658 1 Arcserve 1 Udp 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
CVE-2018-18657 1 Arcserve 1 Udp 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVE-2015-4069 1 Arcserve 1 Arcserve Unified Data Protection 2024-11-21 7.8 HIGH N/A
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.
CVE-2015-4068 1 Arcserve 1 Udp 2024-11-21 9.4 HIGH 9.1 CRITICAL
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
CVE-2006-6641 5 Arcserve, Broadcom, Cleverpath and 2 more 11 Brightstor, Cleverpath Portal, Aion Bpm and 8 more 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.