Remote Credential Exposure in Arcserve UDP by CA Technologies
CVE-2015-4069

Currently unrated

Key Information:

Vendor: Arcserve
Status: Arcserve Unified Data Protection
Vendor: CVE Published:; 29 May 2015

Summary

A vulnerability exists in the EdgeServiceImpl web service of Arcserve UDP prior to version 5.0 Update 4, allowing remote attackers to exploit crafted SOAP requests. This could potentially enable them to retrieve sensitive credentials by invoking the 'getBackupPolicy' or 'getBackupPolicies' methods, compromising the integrity and confidentiality of user data.

References

http://www.securityfocus.com/bid/74838

vdb-entryx_refsource_BID

http://documentation.arcserve.com/Arcserve-UDP/Available/...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-15-243/

x_refsource_MISC

Timeline

Vulnerability published
May 29, 2015
Vulnerability Reserved
May 22, 2015