PRIOn knowledge basePRION:CVE-2007-0168Cross site request forgery (csrf)
7.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.956 High
EPSS
Percentile
99.3%
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| brightstor_arcserve_backup | le | 11.5 | |
| brightstor_arcserve_backup | eq | 9.01 | |
| brightstor_enterprise_backup | eq | 10.5 | |
| business_protection_suite | eq | 2.0 |
References
livesploit.com/advisories/LS-20061002.pdf
osvdb.org/31327
secunia.com/advisories/23648
securitytracker.com/id?1017506
supportconnectw.ca.com/public/storage/infodocs/babimpsec-notice.asp
www.kb.cert.org/vuls/id/662400
www.lssec.com/advisories/LS-20061002.pdf
www.securityfocus.com/archive/1/456616/100/0/threaded
www.securityfocus.com/archive/1/456637
www.securityfocus.com/archive/1/456711
www.securityfocus.com/bid/22010
www.vupen.com/english/advisories/2007/0154
www.zerodayinitiative.com/advisories/ZDI-07-002.html
exchange.xforce.ibmcloud.com/vulnerabilities/31442
Related
7.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.956 High
EPSS
Percentile
99.3%