Vulnerabilities > Arcserve

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-41998 Unrestricted Upload of File with Dangerous Type vulnerability in Arcserve UDP
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface.
network
low complexity
arcserve CWE-434
critical
 9.8
9.8
2023-11-27 CVE-2023-41999 Improper Authentication vulnerability in Arcserve UDP
An authentication bypass exists in Arcserve UDP prior to version 9.2.
network
low complexity
arcserve CWE-287
critical
 9.8
9.8
2023-11-27 CVE-2023-42000 Path Traversal vulnerability in Arcserve UDP
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload().
network
low complexity
arcserve CWE-22
critical
 9.8
9.8
2023-07-03 CVE-2023-26258 Incorrect Authorization vulnerability in Arcserve UDP
Arcserve UDP through 9.0.6034 allows authentication bypass.
network
low complexity
arcserve CWE-863
critical
 9.8
9.8
2021-01-20 CVE-2020-27858 XXE vulnerability in Arcserve D2D 16.5
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5.
network
low complexity
arcserve CWE-611
5.0
5.0
2018-10-26 CVE-2018-18660 Cross-site Scripting vulnerability in Arcserve UDP 5.0/6.0/6.5
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.
network
arcserve CWE-79
4.3
4.3
2018-10-26 CVE-2018-18659 XXE vulnerability in Arcserve UDP 6.0/6.5
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.
network
low complexity
arcserve CWE-611
5.0
5.0
2018-10-26 CVE-2018-18658 Information Exposure vulnerability in Arcserve UDP 6.0/6.5
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.
network
low complexity
arcserve CWE-200
5.0
5.0
2018-10-26 CVE-2018-18657 Information Exposure vulnerability in Arcserve UDP 6.0/6.5
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4.
network
low complexity
arcserve CWE-200
5.0
5.0
2015-05-29 CVE-2015-4069 Information Exposure vulnerability in Arcserve Unified Data Protection
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.
network
low complexity
arcserve CWE-200
7.8
7.8