Arcserve UDP vulnerabilities
3 known vulnerabilities affecting arcserve/arcserve_udp.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 3
Vulnerabilities
CVE-2023-41998 [CRITICAL] CWE-434, P2, CVSS 9.8, fixed in 9.2, 2023-11-27
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
nvd
CVE-2023-41999 [CRITICAL] CWE-287, P2, CVSS 9.8, fixed in 9.2, 2023-11-27
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication.
nvd
CVE-2023-42000 [CRITICAL] CWE-22, P2, CVSS 9.8, fixed in 9.2, 2023-11-27
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.
nvd