Arcserve


Products by Arcserve Sorted by Most Security Vulnerabilities since 2018

Arcserve Udp: 8 vulnerabilities

Arcserve Brightstor: 1 vulnerability

Known Exploited Arcserve Vulnerabilities

The following Arcserve vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
Description: Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. CVE-2015-4068
Added: March 25, 2022

By the Year

In 2024 there have been 0 vulnerabilities in Arcserve. Last year Arcserve had 4 security vulnerabilities published. Right now, Arcserve is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 4 9.80
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 4 7.15

It may take a day or so for new Arcserve vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Arcserve Security Vulnerabilities

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface

CVE-2023-41998 9.8 - Critical - November 27, 2023

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

Unrestricted File Upload

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload()

CVE-2023-42000 9.8 - Critical - November 27, 2023

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

Directory traversal

An authentication bypass exists in Arcserve UDP prior to version 9.2

CVE-2023-41999 9.8 - Critical - November 27, 2023

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

Authentication

Arcserve UDP through 9.0.6034 allows authentication bypass

CVE-2023-26258 9.8 - Critical - July 03, 2023

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.

AuthZ

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4

CVE-2018-18657 7.5 - High - October 26, 2018

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

Information Disclosure

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4

CVE-2018-18658 7.5 - High - October 26, 2018

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

Information Disclosure

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4

CVE-2018-18659 7.5 - High - October 26, 2018

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

XXE

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4

CVE-2018-18660 6.1 - Medium - October 26, 2018

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

XSS

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store

CVE-2006-6641 - December 20, 2006

Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).