9.8

CVE-2024-0799

Exploit

Authentication Bypass via wizardLogin in Arcserve Unified Data Protection

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArcserveUdp Version8.1
ArcserveUdp Version9.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.88% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
vulnreport@tenable.com 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.