Filtered by vendor Arcserve
Subscriptions
Filtered by product Udp
Subscriptions
Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-26258 | 1 Arcserve | 1 Udp | 2024-11-25 | 9.8 Critical |
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator. | ||||
CVE-2023-42000 | 1 Arcserve | 1 Udp | 2024-11-21 | 9.8 Critical |
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. | ||||
CVE-2023-41999 | 1 Arcserve | 1 Udp | 2024-11-21 | 9.8 Critical |
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. | ||||
CVE-2023-41998 | 1 Arcserve | 1 Udp | 2024-11-21 | 9.8 Critical |
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files. | ||||
CVE-2018-18660 | 1 Arcserve | 1 Udp | 2024-11-21 | 6.1 Medium |
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | ||||
CVE-2018-18659 | 1 Arcserve | 1 Udp | 2024-11-21 | N/A |
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue. | ||||
CVE-2018-18658 | 1 Arcserve | 1 Udp | 2024-11-21 | N/A |
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue. | ||||
CVE-2018-18657 | 1 Arcserve | 1 Udp | 2024-11-21 | N/A |
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue. | ||||
CVE-2015-4068 | 1 Arcserve | 1 Udp | 2024-11-21 | 9.1 Critical |
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet. |
Page 1 of 1.