Authentication Bypass Vulnerability in Edge-App-Base-WebUI
CVE-2024-0799

9.8 CRITICAL

Key Information:

Vendor: Arcserve
CVE Published: 13 March 2024

Badges

📰 News Worthy

Summary

An authentication bypass vulnerability exists within the Arcserve Unified Data Protection software, specifically in versions 9.2 and 8.1. This flaw resides in the edge-app-base-webui.jar's EdgeLoginServiceImpl.doLogin() function, which is responsible for handling user login attempts through the wizard interface. Exploiting this vulnerability allows unauthorized users to bypass authentication mechanisms, potentially gaining access to sensitive data and system functionalities. Organizations using affected versions are advised to implement immediate protective measures and monitor for any unauthorized access.

Affected Version(s)

Unified Data Protection 0 <= 9.2

Unified Data Protection 0 <= 8.1

News Articles

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) - Help Net Security

Arcserve UDP vulnerabilities (CVE-2024-0799, CVE-2024-0800) can be chained to upload malicious files to the underlying Windows system.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
