Arcserve Unified Data Protection vulnerabilities
6 known vulnerabilities affecting arcserve/unified_data_protection.
Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-0799P1CRITICALCVSS 9.8ExploitedPoC≤ 9.22024-03-13
CVE-2024-0799 [CRITICAL] CWE-287 CVE-2024-0799: An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
nvd
CVE-2024-0801P2HIGHCVSS 7.5ExploitedPoC≤ 9.22024-03-13
CVE-2024-0801 [HIGH] CWE-75 CVE-2024-0801: A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
nvd
CVE-2024-0800P2HIGHCVSS 8.8Exploited≤ 9.22024-03-13
CVE-2024-0800 [HIGH] CWE-434 CVE-2024-0800: A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-ba
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.
nvd
CVE-2025-34520P2CRITICALCVSS 9.8≥ 8.0, ≤ 10.1≤ 7.*2025-08-27
CVE-2025-34520 [CRITICAL] CWE-288 CVE-2025-34520: An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthentica
An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulating specific request parameters or exploiting a logic flaw, an attacker can bypass login mechanisms without valid credentials and access administrator
nvd
CVE-2025-34522P2CRITICALCVSS 9.8≥ 8.0, ≤ 10.1≤ 7.*2025-08-27
CVE-2025-34522 [CRITICAL] CWE-122 CVE-2025-34522: A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Dat
A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted input to the target system. Improper bounds checking allows an attacker to overwrite heap memory, potentially leading to application crashes or remote
nvd
CVE-2025-34521P4MEDIUMCVSS 5.4≥ 8.0, ≤ 10.1≤ 7.*2025-08-27
CVE-2025-34521 [MEDIUM] CWE-79 CVE-2025-34521: A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Uni
A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. This flaw allows remote attackers with low privileges to craft malicious links that, when visited by another user, execute arbitrary JavaScript in the v
nvd