Udp Security Vulnerabilities and Issues — Udp CVE List

Lucene search

ArcserveUdp

9 matches found

CVE•added 2015/05/29 3:59 p.m.•951 views

CVE-2015-4068

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

9.4CVSS6.5AI score0.83197EPSS

CVE•added 2023/11/27 5:15 p.m.•44 views

CVE-2023-41998

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

9.8CVSS9.7AI score0.15294EPSS

CVE•added 2023/07/03 3:15 p.m.•39 views

CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any...

9.8CVSS9.5AI score0.88358EPSS

CVE•added 2023/11/27 5:15 p.m.•38 views

CVE-2023-42000

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

9.8CVSS9.6AI score0.01245EPSS

CVE•added 2018/10/26 2:29 p.m.•37 views

CVE-2018-18658

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.

7.5CVSS7.3AI score0.00387EPSS

CVE•added 2018/10/26 2:29 p.m.•37 views

CVE-2018-18659

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.

7.5CVSS7.5AI score0.00331EPSS

CVE•added 2018/10/26 2:29 p.m.•34 views

CVE-2018-18657

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.

7.5CVSS7.3AI score0.00387EPSS

CVE•added 2023/11/27 5:15 p.m.•33 views

CVE-2023-41999

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

9.8CVSS9.8AI score0.00145EPSS

CVE•added 2018/10/26 2:29 p.m.•30 views

CVE-2018-18660

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

6.1CVSS6.1AI score0.00328EPSS