Reflected Cross-site Scripting Vulnerability in Arcserve Unified Data Protection by Arcserve
CVE-2018-18660

6.1MEDIUM

Key Information:

Vendor

Arcserve

Status
Udp
Vendor
CVE Published:
26 October 2018

What is CVE-2018-18660?

A reflected cross-site scripting vulnerability exists in Arcserve Unified Data Protection, specifically impacting version 6.5 Update 4. This flaw allows attackers to craft malicious URLs that can execute scripts in the context of a user's session, potentially leading to unauthorized actions and data exposure when users interact with compromised links. It is critical for users of this software to implement recommended security patches and validate input on affected endpoints to mitigate risks.

References

https://support.arcserve.com/s/article/360001392563?langu...
x_refsource_MISC
https://www.digitaldefense.com/blog/zero-day-alerts/arcse...
x_refsource_MISC
https://support.arcserve.com/s/article/Security-vulnerabi...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2018-18660 : Reflected Cross-site Scripting Vulnerability in Arcserve Unified Data Protection by Arcserve