CVE-2008-4397

Description

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Related CPE's

acabusiness_protection_suiter2*microsoft_small_business_server_premium*****

acaarcserve_backupr11.1*******

acabusiness_protection_suiter2*microsoft_small_business_server_standard*****

acaarcserve_backupr11.5*******

abroadcomarcserve_backupr12.0*******

abroadcombusiness_protection_suiter2*******

abroadcomserver_protection_suiter2*******

References

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

PatchVendor Advisory

1021032

31684

20081009 CA ARCserve Backup Multiple Vulnerabilities

32220

Vendor Advisory

4412

ADV-2008-2777

ca-arcservebackup-message-command-execution(45774)

20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

10

Created by Yello
About Severity.io