What is CVE-2020-27858?

CVE-2020-27858 is a high-severity vulnerability in Arcserve D2d, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2021-01-20.

How severe is CVE-2020-27858?

High severity. CVSS v3 base score is 7.5 out of 10.

XXE in Arcserve D2d

CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews metho…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.738 (99.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Arcserve D2d — versions 16.5

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

www.zerodayinitiative.com/advisories/ZDI-20-1397/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27858?: CVE-2020-27858 is a high-severity vulnerability in Arcserve D2d, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2021-01-20.
How severe is CVE-2020-27858?: High severity. CVSS v3 base score is 7.5 out of 10.