all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities

Add to bookmarks
March 13, 2024, 6:49 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities

Multiple vulnerabilities exist in Arcserve Unified Data Protection (UDP) 9.2.

 

CVE-2024-0799 - wizardLogin Authentication Bypass (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

 

An authentication bypass vulnerability exists in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). When a NULL password is passed to the method, a UUID is used for authentication:

 

  public void doLogin(HttpSession session, Boolean isLocal, String username, String password, String domain, String hostname, String protocol, int port) throws ClientException {

  [...]

      if (password != null) {

        client.getBaseService().validateUser(username, password, domain);

      } else {

        String uuid …

arcserve data data protection protection vulnerabilities

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 4 days ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 4 days ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 6 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 4 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Engineer

@ Commit | San Francisco
View on infosec-jobs.com

Trainee (m/w/d) Security Engineering CTO Taskforce Team

@ CHECK24 | Berlin, Germany
View on infosec-jobs.com

Security Engineer

@ EY | Nicosia, CY, 1087
View on infosec-jobs.com

Information System Security Officer (ISSO) Level 3-COMM Job#455

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Application Security Engineer

@ Wise | London, United Kingdom
View on infosec-jobs.com
View more jobs