Arcserve UDP < 5.0 Update 4 Directory Traversal

Published: 28 Oct 2025 00:00:00
Reported by: Tenable
Type: nessus
Source: www.tenable.com

Arcserve UDP below 5.0 Update 4 permits unauthenticated directory traversal via reportFileServlet or exportServlet.

Related

Reporter | Title | Published | Family
ATTACKERKB | CVE-2015-4068 | 29 May 2015 00:00 | attackerkb
Circl | CVE-2015-4068 | 14 Jun 2023 21:10 | circl
CISA KEV Catalog | Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability | 25 Mar 2022 00:00 | cisa_kev
CNVD | Multiple Directory Traversal Vulnerability in Arcserve Unified Data Protection | 4 Jun 2015 00:00 | cnvd
CVE | CVE-2015-4068 | 29 May 2015 15:00 | cve
Cvelist | CVE-2015-4068 | 29 May 2015 15:00 | cvelist
NVD | CVE-2015-4068 | 29 May 2015 15:59 | nvd
OpenVAS | Arcserve Unified Data Protection (UDP) < 5.0 Update 4 Multiple Vulnerabilities | 11 Jun 2015 00:00 | openvas
Prion | Directory traversal | 29 May 2015 15:59 | prion
VulnCheck KEV | VulnCheck KEV: CVE-2015-4068 | 12 Jan 2022 00:00 | vulncheck_kev

Code

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(271814);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/10/28");

  script_cve_id("CVE-2015-4068");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/15");

  script_name(english:"Arcserve UDP < 5.0 Update 4 Directory Traversal");

  script_set_attribute(attribute:"synopsis", value:
"A backup application is affected by a directory traversal vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Arcserve Unified Data Protection (UDP) application running on the remote host is affected by a directory traversal
vulnerability. An unauthenticated, remote attacker can exploit this, via a crafted file path to the (1)
reportFileServlet or (2) exportServlet servlet, to obtain sensitive information or cause a denial of service.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75419633");
  script_set_attribute(attribute:"solution", value:
"Update to ArcServe UDP Agent 5.0 Update 4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-4068");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:arcserve:udp");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("arcserve_udp_agent_detect.nbin");
  script_require_keys("installed_sw/Arcserve UDP Agent");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Arcserve UDP Agent', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        { 'fixed_version':'5.0.1897.1086', 'fixed_display':'5.0 Update 4 (5.0.1897.1086)' }
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

Scores as of 28 Oct 2025 00:00 (current):
Vulners AI Score: 5.6 (Medium risk)
CVSS 3.1: 9.1
CVSS 2: 9.4
EPSS: 0.63643