Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arcserve vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-41998
Arcserve UDP before 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an malicious user to upload and execute arbitrary files.
Arcserve Udp
9.8
CVSSv3
CVE-2023-41999
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
Arcserve Udp
9.8
CVSSv3
CVE-2023-42000
Arcserve UDP before 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
Arcserve Udp
9.8
CVSSv3
CVE-2023-26258
Arcserve UDP up to and including 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This ses...
Arcserve Udp
1 Github repository
7.5
CVSSv3
CVE-2020-27858
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction ...
Arcserve D2d 16.5
7.5
CVSSv3
CVE-2018-18657
An issue exists in Arcserve Unified Data Protection (UDP) up to and including 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
Arcserve Udp 6.5
Arcserve Udp 6.0
7.5
CVSSv3
CVE-2018-18658
An issue exists in Arcserve Unified Data Protection (UDP) up to and including 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
Arcserve Udp 6.5
Arcserve Udp 6.0
7.5
CVSSv3
CVE-2018-18659
An issue exists in Arcserve Unified Data Protection (UDP) up to and including 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
Arcserve Udp 6.0
Arcserve Udp 6.5
6.1
CVSSv3
CVE-2018-18660
An issue exists in Arcserve Unified Data Protection (UDP) up to and including 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
Arcserve Udp 6.5
Arcserve Udp
NA
CVE-2024-0799
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »