CVE-2007-5328

CWE-2643 documents3 sources

Severity

10.0CRITICAL

EPSS

5.6%

top 9.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Brightstor Arcserve Backup Broadcom Brightstor Enterprise Backup

Timeline

PublishedOct 13

Latest updateMay 1

Description

The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDbroadcom/brightstor_arcserve_backup5 versions+4

▶NVDbroadcom/brightstor_enterprise_backup10.5

Patches

Patch: supportconnectw.ca.com ↗Patch: supportconnectw.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-wh6g-vxgw-xmjj: The Message Engine RPC service in CA BrightStor ARCServe BackUp v9↗2022-05-01

▶

CVEList

CVE-2007-5328: The Message Engine RPC service in CA BrightStor ARCServe BackUp v9↗2007-10-13

▶