Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4397

CWE-20 — Improper Input Validation CWE-22 — Path Traversal4 documents4 sources

Severity

10.0CRITICAL

EPSS

85.8%

top 0.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Arcserve Backup Broadcom Business Protection Suite Broadcom Server Protection Suite +2 more

Timeline

PublishedOct 14

Latest updateMay 2

Description

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.