Multiple Directory Traversal Vulnerability in Arcserve Unified Data Protection

Arcserve UDP Unified Data Protection is a set of unified data protection solutions from the U.S. company Arcserve. The solution provides backup and recovery of all virtual and physical environments, global deduplication and other functions. Multiple directory traversal vulnerabilities exist in th...

Directory traversal

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the 1 reportFileServlet or 2 exportServlet servlet...

Arcserve Unified Data Protection Management Service reportFileServlet Directory Traversal Information Disclosure and Denial of Service Vulnerability

This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the reportFileServlet. The issue lies in the failure to sanitize t...