CVE-2010-3984

2011-01-0723:00:19

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

0.409

Percentile

97.3%

JSON

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.

Affected configurations

Nvd

Node

caarcserve_replication_and_high_availabilityMatchr15.0sp1

caxosoft_content_distributionMatchr12.0sp1

caxosoft_content_distributionMatchr12.5sp2

caxosoft_high_availabilityMatchr12.0sp1

caxosoft_high_availabilityMatchr12.5sp2

caxosoft_replicationMatchr12.0sp1

caxosoft_replicationMatchr12.5sp2

VendorProductVersionCPE
caarcserve_replication_and_high_availabilityr15.0cpe:2.3:a:ca:arcserve_replication_and_high_availability:r15.0:sp1:*:*:*:*:*:*
caxosoft_content_distributionr12.0cpe:2.3:a:ca:xosoft_content_distribution:r12.0:sp1:*:*:*:*:*:*
caxosoft_content_distributionr12.5cpe:2.3:a:ca:xosoft_content_distribution:r12.5:sp2:*:*:*:*:*:*
caxosoft_high_availabilityr12.0cpe:2.3:a:ca:xosoft_high_availability:r12.0:sp1:*:*:*:*:*:*
caxosoft_high_availabilityr12.5cpe:2.3:a:ca:xosoft_high_availability:r12.5:sp2:*:*:*:*:*:*
caxosoft_replicationr12.0cpe:2.3:a:ca:xosoft_replication:r12.0:sp1:*:*:*:*:*:*
caxosoft_replicationr12.5cpe:2.3:a:ca:xosoft_replication:r12.5:sp2:*:*:*:*:*:*

Vendor	Product	Version	CPE
ca	arcserve_replication_and_high_availability	r15.0	cpe:2.3:a:ca:arcserve_replication_and_high_availability:r15.0:sp1::::::
ca	xosoft_content_distribution	r12.0	cpe:2.3:a:ca:xosoft_content_distribution:r12.0:sp1::::::
ca	xosoft_content_distribution	r12.5	cpe:2.3:a:ca:xosoft_content_distribution:r12.5:sp2::::::
ca	xosoft_high_availability	r12.0	cpe:2.3:a:ca:xosoft_high_availability:r12.0:sp1::::::
ca	xosoft_high_availability	r12.5	cpe:2.3:a:ca:xosoft_high_availability:r12.5:sp2::::::
ca	xosoft_replication	r12.0	cpe:2.3:a:ca:xosoft_replication:r12.0:sp1::::::
ca	xosoft_replication	r12.5	cpe:2.3:a:ca:xosoft_replication:r12.5:sp2::::::