CVE-2007-5006

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICAL

EPSS

1.8%

top 17.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brightstor Arcserve Backup Laptops Desktops Broadcom Desktop Management Suite CA Protection Suites

Timeline

PublishedOct 1

Latest updateMay 1

Description

Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDbroadcom/brightstor_arcserve_backup_laptops_desktops4 versions+3

▶NVDca/protection_suitesr2

▶NVDbroadcom/desktop_management_suite11.0, 11.1, 11.2+2

Patches

Patch: supportconnectw.ca.com ↗Patch: www.ca.com ↗Patch: www.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-f3fm-5grc-52pj: Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11↗2022-05-01

▶

CVEList

CVE-2007-5006: Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11↗2007-10-01

▶