CVE-2023-26258
- EPSS 73.54%
- Veröffentlicht 03.07.2023 15:15:10
- Zuletzt bearbeitet 21.11.2024 07:50:59
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid...
CVE-2018-18657
- EPSS 0.37%
- Veröffentlicht 26.10.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:56:19
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl issue.
CVE-2018-18658
- EPSS 0.37%
- Veröffentlicht 26.10.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:56:19
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclosure via /UDPUpdates/Config/FullUpdateSettings.xml issue.
CVE-2018-18659
- EPSS 0.31%
- Veröffentlicht 26.10.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:56:19
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpService issue.
CVE-2018-18660
- EPSS 0.31%
- Veröffentlicht 26.10.2018 14:29:01
- Zuletzt bearbeitet 21.11.2024 03:56:19
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
CVE-2015-4068
- EPSS 84.12%
- Veröffentlicht 29.05.2015 15:59:23
- Zuletzt bearbeitet 22.10.2025 00:15:43
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.