Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2008-4397
HistoryOct 14, 2008 - 9:10 p.m.

CVE-2008-4397

2008-10-1421:10:35
CWE-20
CWE-22
mitre
web.nvd.nist.gov
33
2
security
vulnerability
directory traversal
ca arcserve backup
remote attackers
arbitrary commands
nvd
cve-2008-4397

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.891

Percentile

98.7%

JSON

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a … (dot dot) in an RPC call with opnum 0x10A.

Affected configurations

Nvd
Node
broadcomarcserve_backupMatchr12.0
OR
broadcombusiness_protection_suiteMatchr2
OR
broadcomserver_protection_suiteMatchr2
OR
caarcserve_backupMatchr11.1
OR
caarcserve_backupMatchr11.5
OR
cabusiness_protection_suiteMatchr2microsoft_small_business_server_premium
OR
cabusiness_protection_suiteMatchr2microsoft_small_business_server_standard
VendorProductVersionCPE
broadcomarcserve_backupr12.0cpe:2.3:a:broadcom:arcserve_backup:r12.0:*:*:*:*:*:*:*
broadcombusiness_protection_suiter2cpe:2.3:a:broadcom:business_protection_suite:r2:*:*:*:*:*:*:*
broadcomserver_protection_suiter2cpe:2.3:a:broadcom:server_protection_suite:r2:*:*:*:*:*:*:*
caarcserve_backupr11.1cpe:2.3:a:ca:arcserve_backup:r11.1:*:*:*:*:*:*:*
caarcserve_backupr11.5cpe:2.3:a:ca:arcserve_backup:r11.5:*:*:*:*:*:*:*
cabusiness_protection_suiter2cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_premium:*:*:*:*:*
cabusiness_protection_suiter2cpe:2.3:a:ca:business_protection_suite:r2:*:microsoft_small_business_server_standard:*:*:*:*:*

Social References

More

Related

cvelist 1
exploitdb 1
metasploit 1
packetstorm 2
canvas 1
securityvulns 3
nessus 1
prion 1
nvd 1
exploitpack 1
cvelist
cvelist
CVE-2008-4397
2008-10-14 20:00:00
exploitdb
exploitdb
Computer Associates ARCserve - REPORTREMOTEEXECUTECML Buffer Overflow (Metasploit)
2010-04-30 00:00:00
metasploit
metasploit
Computer Associates ARCserve REPORTREMOTEEXECUTECML Buffer Overflow
2009-12-04 02:55:00
packetstorm
packetstorm
cabrightstor-exec.txt
2008-10-11 00:00:00
Computer Associates ARCserve REPORTREMOTEEXECUTECML Buffer Overflow
2009-12-31 00:00:00
canvas
canvas
Immunity Canvas: BRIGHTSTOR_CMDEXEC
2008-10-14 21:10:00
securityvulns
securityvulns
CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability
2008-10-14 00:00:00
CA ARCserve Backup Multiple Vulnerabilities
2008-10-12 00:00:00
CA ARCserve Backup multiple security vulnerabilities
2008-10-15 00:00:00
nessus
nessus
CA BrightStor ARCserve Backup RPC Interface (asdbapi.dll) Traversal Arbitrary Command Execution
2008-10-14 00:00:00
prion
prion
Directory traversal
2008-10-14 21:10:00
nvd
nvd
CVE-2008-4397
2008-10-14 21:10:35
exploitpack
exploitpack
CA-ArcServe
2008-06-12 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.891

Percentile

98.7%

JSON
Related for CVE-2008-4397
cvelist1exploitdb1metasploit1packetstorm2canvas1securityvulns3nessus1prion1nvd1exploitpack1