VYPR

Arcserve Unified Data Protection

by Arcserve

CVEs (11)

  • CVE-2025-34523CriAug 27, 2025
    risk 0.64cvss 9.8epss 0.01

    A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By…

  • CVE-2024-0801Mar 13, 2024
    risk 0.04cvss epss 0.42

    A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.

  • CVE-2024-0799Mar 13, 2024
    risk 0.03cvss epss 0.04

    An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.

  • CVE-2025-34520Aug 27, 2025
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can…

  • CVE-2025-34521Aug 27, 2025
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links…

  • CVE-2025-34522Aug 27, 2025
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to…

  • CVE-2024-0800Mar 13, 2024
    risk 0.00cvss epss 0.01

    A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.

  • CVE-2018-18659Oct 26, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

  • CVE-2018-18658Oct 26, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

  • CVE-2018-18657Oct 26, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

  • CVE-2015-4069May 29, 2015
    risk 0.00cvss epss 0.04

    The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.