Arcserve
Products by Arcserve Sorted by Most Security Vulnerabilities since 2018
Known Exploited Arcserve Vulnerabilities
The following Arcserve vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. CVE-2015-4068 | March 25, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in Arcserve. Last year Arcserve had 4 security vulnerabilities published. Right now, Arcserve is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 4 | 9.80 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 4 | 7.15 |
It may take a day or so for new Arcserve vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Arcserve Security Vulnerabilities
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface
CVE-2023-41998
9.8 - Critical
- November 27, 2023
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
Unrestricted File Upload
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload()
CVE-2023-42000
9.8 - Critical
- November 27, 2023
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
Directory traversal
An authentication bypass exists in Arcserve UDP prior to version 9.2
CVE-2023-41999
9.8 - Critical
- November 27, 2023
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
Authentication
Arcserve UDP through 9.0.6034 allows authentication bypass
CVE-2023-26258
9.8 - Critical
- July 03, 2023
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
AuthZ
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4
CVE-2018-18657
7.5 - High
- October 26, 2018
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
Information Disclosure
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4
CVE-2018-18658
7.5 - High
- October 26, 2018
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
Information Disclosure
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4
CVE-2018-18659
7.5 - High
- October 26, 2018
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
XXE
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4
CVE-2018-18660
6.1 - Medium
- October 26, 2018
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
XSS
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store
CVE-2006-6641
- December 20, 2006
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server.