Unrated severityNVD Advisory· Published Oct 14, 2008· Updated Apr 23, 2026

CVE-2008-4397

Description

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Affected products

Broadcom Corporation/Arcserve Backup
cpe:2.3:a:broadcom:arcserve_backup:r12.0:*:*:*:*:*:*:*
Broadcom Corporation/Business Protection Suite
cpe:2.3:a:broadcom:business_protection_suite:r2:*:*:*:*:*:*:*
Broadcom Corporation/Server Protection Suite
cpe:2.3:a:broadcom:server_protection_suite:r2:*:*:*:*:*:*:*
Ca/Arcserve Backup2 versions
cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
- cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
Ca/Business Protection Suite2 versions
cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_premium:*:*:*:*:*+ 1 more
- cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_premium:*:*:*:*:*
- cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_standard:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.ca.com/irj/portal/anonymous/phpsupcontentnvdPatchVendor Advisory
secunia.com/advisories/32220nvdVendor Advisory
securityreason.com/securityalert/4412nvd
www.securityfocus.com/archive/1/497218nvd
www.securityfocus.com/archive/1/497281/100/0/threadednvd
www.securityfocus.com/bid/31684nvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2008/2777nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45774nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000