EUVD-2025-26165

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...

VulnCheck KEV: CVE-2024-0801

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll...

VulnCheck KEV: CVE-2024-0799

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin...

The vulnerability of the doLogin() function in the EdgeLoginServiceImpl class of the wizardLogin component of the data protection software for ArcServe UDP allows a perpetrator to bypass the authentication process.

The vulnerability of the doLogin function in the EdgeLoginServiceImpl class of the wizardLogin component of the data protection software for ArcServe UDP is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to bypass the authentication...

CVE-2024-0801

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll...

PT-2024-15833 · Arcserve · Arcserve Unified Data Protection

Name of the Vulnerable Software and Affected Versions: Arcserve Unified Data Protection versions 8.1 through 9.2 Description: A path traversal issue exists in the edge-app-base-webui.jar, specifically affecting the ImportNodeServlet function. This issue is present in the mentioned versions of...

CVE-2023-42000

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload. An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed...

Arcserve Unified Data Protection Security Vulnerability

Arcserve Unified Data Protection is Arcserve's all-in-one data and ransomware protection solution. A security vulnerability exists in Arcserve Unified Data Protection prior to version 9.2 that stems from the presence of an authentication bypass, whereby an unauthenticated, remote attacker could...

The vulnerability in the web-based interface for managing the ArcServe UDP data protection software allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the web interface for managing the ArcServe UDP data protection software is related to errors in processing serialized data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code by sending a specially crafted HTTP reque...

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity...