Arcserve Udp
16 CVEs affecting Arcserve Udp. Latest disclosed: 2025-08-27. Critical: 9, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-34523 | Critical | 9.8 | 2025-08-27 | A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachab… |
CVE-2025-34522 | Critical | 9.8 | 2025-08-27 | A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without auth… |
CVE-2025-34520 | Critical | 9.8 | 2025-08-27 | An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected func… |
CVE-2024-0799 | Critical | 9.8 | 2024-03-13 | An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.s… |
CVE-2023-42000 | Critical | 9.8 | 2023-11-27 | Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remot… |
CVE-2023-41999 | Critical | 9.8 | 2023-11-27 | An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that all… |
CVE-2023-41998 | Critical | 9.8 | 2023-11-27 | Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacke… |
CVE-2023-26258 | Critical | 9.8 | 2023-07-03 | Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. Thi… |
CVE-2015-4068 | Critical | 9.1 | 2015-05-29 | Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via… |
CVE-2024-0800 | High | 8.8 | 2024-03-13 | A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servle… |
CVE-2024-0801 | High | 7.5 | 2024-03-13 | A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. |
CVE-2018-18659 | High | 7.5 | 2018-10-26 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in /management/UdpHttpSe… |
CVE-2018-18658 | High | 7.5 | 2018-10-26 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated Sensitive Information Disclo… |
CVE-2018-18657 | High | 7.5 | 2018-10-26 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated Sensitive Information Disclo… |
CVE-2018-18660 | Medium | 6.1 | 2018-10-26 | An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenti… |
CVE-2025-34521 | Medium | 5.4 | 2025-08-27 | A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is… |