CVE-2008-4399 — Improper Input Validation in Arcserve Backup

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

2.4%

top 15.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Arcserve Backup Broadcom Business Protection Suite Broadcom Server Protection Suite +2 more

Timeline

PublishedOct 14

Latest updateMay 2

Description

Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDca/arcserve_backupr11.1, r11.5+1

▶NVDbroadcom/arcserve_backupr12.0

▶NVDca/business_protection_suiter2

▶NVDbroadcom/server_protection_suiter2

▶NVDbroadcom/business_protection_suiter2

Patches

Patch: support.ca.com ↗Patch: support.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-q9h5-659q-3pg6: Unspecified vulnerability in the database engine service in asdbapi↗2022-05-02

▶

CVEList

CVE-2008-4399: Unspecified vulnerability in the database engine service in asdbapi↗2008-10-14

▶