CVE-2024-0801 – Unauthenticated DoS in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0801
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. Existe una vulnerabilidad de denegación de servicio en Arcserve Unified Data Protection 9.2 y 8.1 en ASNative.dll. • https://www.tenable.com/security/research/tra-2024-07 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVE-2024-0800 – Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0800
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Existe una vulnerabilidad de path traversal en Arcserve Unified Data Protection 9.2 y 8.1 en edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. • https://www.tenable.com/security/research/tra-2024-07 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-0799 – Authentication Bypass via wizardLogin in Arcserve Unified Data Protection
https://notcve.org/view.php?id=CVE-2024-0799
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin. Existe una vulnerabilidad de omisión de autenticación en Arcserve Unified Data Protection 9.2 y 8.1 en la función edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() dentro de WizardLogin. • https://www.tenable.com/security/research/tra-2024-07 • CWE-287: Improper Authentication •
CVE-2023-42000 – Arcserve UDP Agent Unauthenticated Path Traversal File Upload
https://notcve.org/view.php?id=CVE-2023-42000
Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed. Arcserve UDP anterior a 9.2 contiene una vulnerabilidad de Path Traversal en com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Un atacante remoto no autenticado puede aprovecharlo para cargar archivos arbitrarios en cualquier ubicación del sistema de archivos donde esté instalado el agente UDP. • https://www.tenable.com/security/research/tra-2023-37 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-41999 – Arcserve UDP Management Authentication Bypass
https://notcve.org/view.php?id=CVE-2023-41999
An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication. Existe una omisión de autenticación en Arcserve UDP antes de la versión 9.2. Un atacante remoto no autenticado puede obtener un identificador de autenticación válido que le permita autenticarse en la consola de administración y realizar tareas que requieran autenticación. • https://www.tenable.com/security/research/tra-2023-37 • CWE-287: Improper Authentication •