CVE-2024-0801 – Unauthenticated DoS in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0801
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. Existe una vulnerabilidad de denegación de servicio en Arcserve Unified Data Protection 9.2 y 8.1 en ASNative.dll. • https://www.tenable.com/security/research/tra-2024-07 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVE-2024-0800 – Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0800
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Existe una vulnerabilidad de path traversal en Arcserve Unified Data Protection 9.2 y 8.1 en edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. • https://www.tenable.com/security/research/tra-2024-07 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-0799 – Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0799
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin. Existe una vulnerabilidad de omisión de autenticación en Arcserve Unified Data Protection 9.2 y 8.1 en la función edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() dentro de WizardLogin. • https://www.tenable.com/security/research/tra-2024-07 • CWE-287: Improper Authentication •