
CVSS: 9.4 | EPSS: 80% | CPEs: 1 | EXPL: 0

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

This vulnerability allows remote attackers to disclose and delete files on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the exportServlet servlet. The issue lies in the failure to sanitize the path of files requested: the request-supplied path is used to locate a file on disk without confirming that the result stays inside the directory the servlet is meant to serve.

References:
• http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html
• http://www.securityfocus.com/bid/74845
• http://www.zerodayinitiative.com/advisories/ZDI-15-241
• http://www.zerodayinitiative.com/advisories/ZDI-15-242

Weakness: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
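The flaw class above (a request value joined to a file root with no containment check) and the fix a reviewer would ask for are shown here as an added example. This is not Arcserve code and does not reproduce the affected servlets; it uses a constructed temporary directory (a `reports` root with one legitimate file, a sibling `secret.txt` outside the root, and a symlink inside the root pointing at the secret) and assumes a POSIX filesystem and that the web framework has already URL-decoded the request value. It also goes beyond the advisory text by contrasting a purely lexical `normpath()` check with a `realpath()`-based one, because the lexical check misses the symlink escape.

```python
"""Path-containment check for a file-download handler (CWE-22).

Added example, not Arcserve code. A constructed report directory stands in
for the servlet's file root; 'secret.txt' stands in for any file outside it.
Request strings are assumed already URL-decoded by the web container.
"""
import os
import shutil
import tempfile
from typing import Dict, Optional, Tuple


def insecure_resolve(root: str, requested: str) -> str:
    # The flaw class in the advisory: the request value is joined to the root
    # with no check that the result stays under root. Note that os.path.join()
    # discards root entirely when 'requested' is an absolute path.
    return os.path.join(root, requested)


def lexical_only_allows(root: str, requested: str) -> bool:
    # A common but insufficient fix: normalize '..' segments textually and
    # compare the prefix. It does not follow symlinks, so a link inside root
    # that points outside still passes.
    root = os.path.normpath(root)
    candidate = os.path.normpath(os.path.join(root, requested))
    return candidate == root or candidate.startswith(root + os.sep)


def safe_resolve(root: str, requested: str) -> Optional[str]:
    # Return the canonical path if it is a regular file inside root, else None.
    if "\x00" in requested:                 # NUL bytes truncate paths in native I/O
        return None
    root_real = os.path.realpath(root)
    # realpath() collapses '..' AND follows symlinks, so the containment test
    # is done on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(root_real, requested))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    if not os.path.isfile(candidate):       # serve files only, never directories
        return None
    return candidate


def build_fixture() -> Tuple[str, str]:
    # Constructed layout (hypothetical, created under a temp dir):
    #   <base>/reports/daily.html          legitimate report
    #   <base>/reports/link -> <base>/secret.txt   symlink escaping the root
    #   <base>/secret.txt                  must never be served
    base = tempfile.mkdtemp()
    root = os.path.join(base, "reports")
    os.mkdir(root)
    with open(os.path.join(root, "daily.html"), "w") as f:
        f.write("<html>report</html>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("password=hunter2")
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link"))
    return base, root


def evaluate() -> Dict[str, Tuple[bool, bool, bool]]:
    # For each labelled request returns:
    #   (insecure handler resolves to the secret,
    #    lexical-only check would allow it,
    #    realpath-based check allows it)
    base, root = build_fixture()
    try:
        secret = os.path.realpath(os.path.join(base, "secret.txt"))
        requests = {
            "legit": "daily.html",
            "dotdot_inside": "sub/../daily.html",   # '..' that stays inside root
            "dotdot_escape": "../secret.txt",
            "deep_escape": "a/b/../../../secret.txt",
            "absolute": secret,                     # absolute path in the request
            "symlink": "link",                      # in-root link pointing outside
        }
        results = {}
        for label, req in requests.items():
            leaks = os.path.realpath(insecure_resolve(root, req)) == secret
            lexical_ok = lexical_only_allows(root, req)
            safe_ok = safe_resolve(root, req) is not None
            results[label] = (leaks, lexical_ok, safe_ok)
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for label, (leaks, lexical_ok, safe_ok) in evaluate().items():
        print(f"{label:14} insecure_leaks={leaks!s:5} lexical_allows={lexical_ok!s:5} "
              f"safe_allows={safe_ok}")
```

The `symlink` case is the one to watch: the insecure join and the lexical `normpath()` check both let it through, while the `realpath()` plus `commonpath()` test rejects it. In a servlet the equivalent is `File.getCanonicalPath()` on both the root and the candidate followed by a prefix comparison that includes the separator, so that `/opt/reports_old` is not accepted as being under `/opt/reports`.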

CVSS: 7.8 | EPSS: 90% | CPEs: 1 | EXPL: 0

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.

This vulnerability allows remote attackers to disclose information on vulnerable installations of Arcserve Unified Data Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getBackupPolicies method of the EdgeServiceImpl web service. By sending a crafted SOAP request, an attacker can have this method return an individual application's backup policies, which contain sensitive credentials.

References:
• http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html
• http://www.securityfocus.com/bid/74838
• http://www.zerodayinitiative.com/advisories/ZDI-15-243
• http://www.zerodayinitiative.com/advisories/ZDI-15-244

Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor