Unauthenticated Sensitive Information Disclosure in Arcserve Unified Data Protection
CVE-2018-18658

7.5HIGH

Key Information:

Vendor

Arcserve

Status
Udp
Vendor
CVE Published:
26 October 2018

What is CVE-2018-18658?

An unauthenticated sensitive information disclosure vulnerability exists in Arcserve Unified Data Protection (UDP) version 6.5 Update 4. This flaw allows attackers to access potentially sensitive configuration information through the endpoint /UDPUpdates/Config/FullUpdateSettings.xml. Successful exploitation can lead to exposure of critical data, compromising the confidentiality of the system. Consequently, organizations using this product should apply the necessary updates and follow security best practices.

References

https://support.arcserve.com/s/article/360001392563?langu...
x_refsource_MISC
https://www.digitaldefense.com/blog/zero-day-alerts/arcse...
x_refsource_MISC
https://support.arcserve.com/s/article/Security-vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2018-18658 : Unauthenticated Sensitive Information Disclosure in Arcserve Unified Data Protection