Udp@* Security Vulnerabilities and Issues — Udp@* CVE List

Lucene search

ArcserveUdp*

10 matches found

CVE•added 2015/05/29 3:59 p.m.•981 views

CVE-2015-4068

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

9.4CVSS6.5AI score0.84121EPSS

In wild

CVE•added 2023/11/27 5:15 p.m.•47 views

CVE-2023-41998

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

9.8CVSS9.7AI score0.15294EPSS

CVE•added 2023/07/03 3:15 p.m.•42 views

CVE-2023-26258

Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any...

9.8CVSS9.5AI score0.88358EPSS

CVE•added 2023/11/27 5:15 p.m.•41 views

CVE-2023-42000

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

9.8CVSS9.6AI score0.01245EPSS

CVE•added 2023/11/27 5:15 p.m.•34 views

CVE-2023-41999

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.

9.8CVSS9.8AI score0.00145EPSS

CVE•added 2018/10/26 2:29 p.m.•31 views

CVE-2018-18660

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

6.1CVSS6.1AI score0.00321EPSS

CVE•added 2025/08/27 10:15 p.m.•10 views

CVE-2025-34523

A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication and results from improper bounds checking when processing attacker-controlled input. By sending spec...

9.8CVSS8.4AI score0.00515EPSS

CVE•added 2025/08/27 10:15 p.m.•8 views

CVE-2025-34522

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, po...

9.8CVSS8.3AI score0.00515EPSS

CVE•added 2025/08/27 10:15 p.m.•7 views

CVE-2025-34520

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms ...

9.8CVSS7.5AI score0.00111EPSS

CVE•added 2025/08/27 10:15 p.m.•7 views

CVE-2025-34521

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited b...

5.4CVSS6AI score0.00037EPSS