CVE-2008-4400

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

2.6%

top 14.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Arcserve Backup Broadcom Business Protection Suite Broadcom Server Protection Suite +2 more

Timeline

PublishedOct 14

Latest updateMay 2

Description

Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDca/arcserve_backupr11.1, r11.5+1

▶NVDbroadcom/arcserve_backupr12.0

▶NVDca/business_protection_suiter2

▶NVDbroadcom/server_protection_suiter2

▶NVDbroadcom/business_protection_suiter2

Patches

Patch: support.ca.com ↗Patch: support.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-q86h-43r3-85v5: Unspecified vulnerability in asdbapi↗2022-05-02

▶

CVEList

CVE-2008-4400: Unspecified vulnerability in asdbapi↗2008-10-14

▶