Four zero-days found, patched in Arcserve UDP platform

Digital Defense VRT has revealed four zero-day vulnerabilities in the Arcserve Unified Data Protection platform.

The issues found were an unauthenticated sensitive information disclosure via /gateway/services/EdgeServiceImpl, an unauthenticated XXE in /management/UdpHttpService, an unauthenticated sensitive information disclosure via /UDPUpdates/Config/FullUpdateSettings.xml, and a reflected cross-site scripting flaw via /authenticationendpoint/domain.jsp.

The two unauthenticated information disclosures and the external entity attack could be utilized by an attacker to gain access to a database and other credentials and to read files on the system hosting the UDP application without authentication. The reflected cross-site scripting issue could be utilized for phishing purposes, Digital Defense reported.

Arcserve has fixed the issues and the patch needed to update a system is available from Arcserve support.
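
For defenders who want to check whether the four endpoints named above were requested before the patch went in, the following added example (not from Digital Defense or Arcserve) triages web access logs for those paths. It assumes Common Log Format and a hypothetical list of trusted client IPs; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Paths named in the article (lowercased), mapped to the issue reported for each.
WATCHED = {
    "/gateway/services/edgeserviceimpl": "info-disclosure",
    "/management/udphttpservice": "xxe",
    "/udpupdates/config/fullupdatesettings.xml": "info-disclosure",
    "/authenticationendpoint/domain.jsp": "reflected-xss",
}
# Assumption: the front end writes Common Log Format.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def triage(lines, trusted=()):
    """Return one finding per request to a watched path from an untrusted client."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or m["ip"] in trusted:
            continue
        url = urlsplit(m["target"])
        issue = WATCHED.get(unquote(url.path).lower())
        if issue is None:
            continue
        query = unquote(url.query)
        findings.append({
            "ip": m["ip"], "time": m["ts"], "issue": issue,
            "served": m["status"].startswith("2"),
            # Markup characters in the query string are worth a look on the XSS path.
            "markup": issue == "reflected-xss" and any(c in query for c in "<>\"'"),
        })
    return findings

def by_client(findings):
    """Group issue classes per client; several classes from one IP suggests probing."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["ip"]].add(f["issue"])
    return {ip: sorted(issues) for ip, issues in seen.items()}

# Constructed sample lines (documentation IP ranges; "x" is a placeholder parameter).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /management/UdpHttpService HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "GET /UDPUpdates/Config/FullUpdateSettings.xml HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:01:05 +0000] "POST /gateway/services/EdgeServiceImpl HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /authenticationendpoint/domain.jsp?x=%3Cb%3E HTTP/1.1" 200 300',
    '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]
```

Findings with `served` set on the information-disclosure paths are the ones to follow up with credential rotation, since the article states those responses can expose database and other credentials.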
