3 matches found
CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS)
A reflected cross-site scripting XSS vulnerability exists in the web interface of the Arcserve Unified Data Protection UDP, where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by...
CVE-2025-34522 Arcserve UDP < 10.2 Pre-Authentication Heap Overflow
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection UDP. This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory,...
CVE-2025-34523
CVE-2025-34523 / CVE-2025-34522 (Arcserve UDP) describe heap-based buffer overflow vulnerabilities in the network-facing/input parsing routines of Arcserve Unified Data Protection (UDP). The flaws are pre-authentication and triggered by attacker-controlled input with improper bounds checking, all...