Arcserve Udp

16 CVEs affecting Arcserve Udp. Latest disclosed: 2025-08-27. Critical: 9, High: 5.

Top CVEs affecting Arcserve Udp
CVESeverityScorePublishedSummary
CVE-2025-34523Critical9.82025-08-27A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachab…
CVE-2025-34522Critical9.82025-08-27A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without auth…
CVE-2025-34520Critical9.82025-08-27An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected func…
CVE-2024-0799Critical9.82024-03-13An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.s…
CVE-2023-42000Critical9.82023-11-27Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remot…
CVE-2023-41999Critical9.82023-11-27An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that all…
CVE-2023-41998Critical9.82023-11-27Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacke…
CVE-2023-26258Critical9.82023-07-03Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. Thi…
CVE-2015-4068Critical9.12015-05-29Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via…
CVE-2024-0800High8.82024-03-13A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servle…
CVE-2024-0801High7.52024-03-13A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
CVE-2018-18659High7.52018-10-26An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpSe…
CVE-2018-18658High7.52018-10-26An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclo…
CVE-2018-18657High7.52018-10-26An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclo…
CVE-2018-18660Medium6.12018-10-26An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenti…
CVE-2025-34521Medium5.42025-08-27A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is…