10
CVE-2008-2241
- EPSS 11.94%
- Veröffentlicht 21.05.2008 13:24:00
- Zuletzt bearbeitet 16.06.2026 22:53:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Broadcom ≫ Brightstor Arcserve Backup Version11.1
Broadcom ≫ Brightstor Arcserve Backup Version11.5
Broadcom ≫ Server Protection Suite Version2
Ca ≫ Brightstor Arcserve Backup Version11.0
Ca ≫ Brightstor Arcserve Backup Versionr11.0
Ca ≫ Business Protection Suite Version2.0 Editionmicrosoft_small_business_server_premium
Ca ≫ Business Protection Suite Version2.0 Editionmicrosoft_small_business_server_standard
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.94% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
http://secunia.com/advisories/30300
http://www.securityfocus.com/archive/1/492266/100/0/threaded
http://www.securityfocus.com/archive/1/492274/100/0/threaded
http://www.securityfocus.com/bid/29283
http://www.securitytracker.com/id?1020043
http://www.vupen.com/english/advisories/2008/1573/references
http://www.zerodayinitiative.com/advisories/ZDI-08-027/
https://exchange.xforce.ibmcloud.com/vulnerabilities/42524
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798