Information disclosure in Ca Arcserve_d2d
CVE-2011-3011
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
Vulnerability class: Information Disclosure
EPSS: 0.703 (98.7th percentile) — read the EPSS interpretation.
Affected products
- Ca Arcserve_d2d — versions r15
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 8338 (x_refsource_SREASON, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- 20110810 CA20110809-01: Security Notice for CA ARCserve D2D (mailing-list, x_refsource_BUGTRAQ)
- 48897 (Exploit, vdb-entry, x_refsource_BID)
Frequently asked questions
- What is CVE-2011-3011?
- CVE-2011-3011 is a vulnerability in Ca Arcserve_d2d, classified under Information Disclosure. Published 2011-08-15.
- Is CVE-2011-3011 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.