Path Traversal Vulnerability in Arcserve Unified Data Protection
CVE-2024-0800

8.8 HIGH

Key Information:

Vendor: Arcserve
CVE Published: 13 March 2024

Badges

📰 News Worthy

Summary

A path traversal vulnerability has been identified in Arcserve Unified Data Protection, specifically in the edge-app-base-webui.jar component. It allows attackers to manipulate file paths, potentially leading to unauthorized access to sensitive files outside of the intended directories. Affected versions include 9.2 and 8.1, which puts the integrity and confidentiality of data on these systems at risk.

Affected Version(s)

Unified Data Protection 0 <= 9.2

Unified Data Protection 0 <= 8.1

News Articles

CVE-2024-0800 Archives

Vulnerability | March 14, 2024 | Critical Vulnerabilities in Arcserve UDP Software Demand Urgent Action

Security researchers at Tenable have exposed a dangerous chain of vulnerabilities within Arcserve Unified Data...

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) - Help Net Security

Arcserve UDP vulnerabilities (CVE-2024-0799, CVE-2024-0800) can be chained to upload malicious files to the underlying Windows system.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved
