Authentication Bypass Vulnerability in Edge-App-Base-WebUI
CVE-2024-0799

9.8CRITICAL

Key Information:

Vendor: Arcserve
Status: Unified Data Protection
Vendor: CVE Published:; 13 March 2024

Badges

🟣 EPSS 51%📰 News Worthy

What is CVE-2024-0799?

An authentication bypass vulnerability exists within the Arcserve Unified Data Protection software, specifically in versions 9.2 and 8.1. This flaw resides in the edge-app-base-webui.jar's EdgeLoginServiceImpl.doLogin() function, which is responsible for handling user login attempts through the wizard interface. Exploiting this vulnerability allows unauthorized users to bypass authentication mechanisms, potentially gaining access to sensitive data and system functionalities. Organizations using affected versions are advised to implement immediate protective measures and monitor for any unauthorized access.

Affected Version(s)

Unified Data Protection 0 <= 9.2

Unified Data Protection 0 <= 8.1

News Articles

Help Net Security

CVE-2024-0799 CVE-2024-0800

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) - Help Net Security

Arcserve UDP vulnerabilities (CVE-2024-0799, CVE-2024-0800) can be chained to upload malicious files to the underlying Windows system.

References

https://www.tenable.com/security/research/tra-2024-07

EPSS Score

51% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by Help Net Security
Mar 14, 2024
Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Jan 22, 2024

JSON