Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-2241

Опубликовано: 21 мая 2008
Источник: nvd
CVSS2: 10
EPSS Низкий

Описание

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:r11.0:*:*:*:*:*:*:*
cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_premium:*:*:*:*:*
cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_small_business_server_standard:*:*:*:*:*

EPSS

Процентиль: 91%
0.06947
Низкий

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-rf6w-c4pq-fpfw

github
почти 4 года назад

Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.

EPSS

Процентиль: 91%
0.06947
Низкий

10 Critical

CVSS2

Дефекты

CWE-22