Описание
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
Ссылки
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:broadcom:arcserve_backup:r12.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:business_protection_suite:r2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:server_protection_suite:r2:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_premium:*:*:*:*:*
cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_standard:*:*:*:*:*
EPSS
Процентиль: 99%
0.85816
Высокий
10 Critical
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
EPSS
Процентиль: 99%
0.85816
Высокий
10 Critical
CVSS2
Дефекты
CWE-20