VYPR

UDP

by Arcserve

CVEs (7)

  • CVE-2015-4068 | Cri | KEV | May 29, 2015
    risk 0.76 | cvss 9.1 | epss 0.64

    Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

  • CVE-2023-26258 | Jul 3, 2023
    risk 0.06 | cvss | epss 0.38

    Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be…

  • CVE-2023-41998 | Nov 27, 2023
    risk 0.01 | cvss | epss 0.15

    Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

  • CVE-2023-42000 | Nov 27, 2023
    risk 0.00 | cvss | epss 0.01

    Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

  • CVE-2023-41999 | Nov 27, 2023
    risk 0.00 | cvss | epss 0.01

    An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

  • CVE-2018-18660 | Oct 26, 2018
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

  • CVE-2015-4069 | May 29, 2015
    risk 0.00 | cvss | epss 0.04

    The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.