Shodan
Vulnerabilities
Vulnerable Software
Arcserve:  >> Udp  Security Vulnerabilities
CVE-2023-42000
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
CVSS Score
9.8
EPSS Score
0.012
Published
2023-11-27
CVE-2023-41998
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
CVSS Score
9.8
EPSS Score
0.153
Published
2023-11-27
CVE-2023-41999
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-27
CVE-2023-26258
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.
CVSS Score
9.8
EPSS Score
0.884
Published
2023-07-03
CVE-2018-18657
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-10-26
CVE-2018-18658
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-10-26
CVE-2018-18659
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-26
CVE-2018-18660
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-10-26
CVE-2015-4068
Known exploited
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
CVSS Score
9.1
EPSS Score
0.832
Published
2015-05-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved