Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities | allinfosecnews.com

March 13, 2024, 6:49 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities

Multiple vulnerabilities exist in Arcserve Unified Data Protection (UDP) 9.2.

CVE-2024-0799 - wizardLogin Authentication Bypass (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

An authentication bypass vulnerability exists in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). When a NULL password is passed to the method, a UUID is used for authentication:

public void doLogin(HttpSession session, Boolean isLocal, String username, String password, String domain, String hostname, String protocol, int port) throws ClientException {

[...]

if (password != null) {

client.getBaseService().validateUser(username, password, domain);

} else {

String uuid …

arcserve data data protection protection vulnerabilities

More from www.tenable.com / Tenable Research Advisories

Fluent Bit Memory Corruption Vulnerability 2 weeks, 1 day ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 2 weeks, 4 days ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 2 weeks, 4 days ago | www.tenable.com

cross-site inject javascript malicious +8

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 3 weeks, 2 days ago | www.tenable.com

access account action admin +42

Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities 3 weeks, 5 days ago | www.tenable.com

cve cve-2024 cvss delta +11

Approach.App Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 month, 1 week ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 month, 2 weeks ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 1 month, 3 weeks ago | www.tenable.com

application attachment cookie date +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com