VYPR
Unrated severityNVD Advisory· Published Nov 27, 2023· Updated Aug 2, 2024

Arcserve UDP Agent Unauthenticated Path Traversal File Upload

CVE-2023-42000

Description

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Arcserve/UDPllm-fuzzy2 versions
    <9.2+ 1 more
    • (no CPE)range: <9.2
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.