Authentication Bypass Vulnerability in Edge-App-Base-WebUI
CVE-2024-0799

9.8CRITICAL

Key Information:

Vendor

Arcserve

Status
Unified Data Protection
Vendor
CVE Published:
13 March 2024

Badges

🟣 EPSS 45%πŸ“° News Worthy

What is CVE-2024-0799?

An authentication bypass vulnerability exists within the Arcserve Unified Data Protection software, specifically in versions 9.2 and 8.1. This flaw resides in the edge-app-base-webui.jar's EdgeLoginServiceImpl.doLogin() function, which is responsible for handling user login attempts through the wizard interface. Exploiting this vulnerability allows unauthorized users to bypass authentication mechanisms, potentially gaining access to sensitive data and system functionalities. Organizations using affected versions are advised to implement immediate protective measures and monitor for any unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Unified Data Protection 0 <= 9.2

Unified Data Protection 0 <= 8.1

News Articles

favicon imageHelp Net Security

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) - Help Net Security

Arcserve UDP vulnerabilities (CVE-2024-0799, CVE-2024-0800) can be chained to upload malicious files to the underlying Windows system.

References

https://www.tenable.com/security/research/tra-2024-07

EPSS Score

45% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

JSON
.