cbcvebase.
CVE-2015-4068
published 2015-05-29

CVE-2015-4068: Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via…

PriorityP183critical9.1CVSS 3.1
AVNACLPRNUINSUCHINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-15
Exploited in the wild
EPSS
63.64%
99.1th percentile
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

Affected

2 ranges
VendorProductVersion rangeFixed in
arcserveudp< 5.05.0
arcserveudp

Detection & IOCsextracted from sources · hover to see the quote

  • Directory traversal attack targeting the 'reportFileServlet' servlet endpoint in Arcserve UDP
  • Directory traversal attack targeting the 'exportServlet' servlet endpoint in Arcserve UDP
  • ·Vulnerability affects Arcserve UDP versions prior to 5.0 Update 4 only; patched versions are not affected.

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvdv2.09.4CRITICALAV:N/AC:L/Au:N/C:C/I:N/A:C
vulncheck9.1CRITICAL
cisa9.1CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.