Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Udp Security Vulnerabilities

cve
cve

CVE-2015-4068

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

9.1CVSS

6.5AI Score

0.832EPSS

2015-05-29 03:59 PM
848
In Wild
cve
cve

CVE-2018-18657

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

7.5CVSS

7.3AI Score

0.002EPSS

2018-10-26 02:29 PM
22
cve
cve

CVE-2018-18658

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

7.5CVSS

7.3AI Score

0.002EPSS

2018-10-26 02:29 PM
28
cve
cve

CVE-2018-18659

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

7.5CVSS

7.5AI Score

0.001EPSS

2018-10-26 02:29 PM
25
cve
cve

CVE-2018-18660

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

6.1CVSS

6.1AI Score

0.001EPSS

2018-10-26 02:29 PM
19
cve
cve

CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any...

9.8CVSS

9.5AI Score

0.003EPSS

2023-07-03 03:15 PM
21
cve
cve

CVE-2023-41998

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

9.8CVSS

9.4AI Score

0.001EPSS

2023-11-27 05:15 PM
25
cve
cve

CVE-2023-41999

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

9.8CVSS

9.6AI Score

0.003EPSS

2023-11-27 05:15 PM
20
cve
cve

CVE-2023-42000

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

9.8CVSS

9.5AI Score

0.003EPSS

2023-11-27 05:15 PM
21