Skip to main content

Udp

14 CVEs product

Monthly

CVE-2025-34522 CRITICAL This Week

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Udp
NVD
CVSS 4.0
9.2
EPSS
0.7%
CVE-2025-34521 MEDIUM Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Udp
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-34520 HIGH This Month

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Udp
NVD
CVSS 4.0
7.7
EPSS
0.3%
CVE-2024-0801 HIGH POC THREAT This Week

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Udp
NVD
CVSS 3.1
7.5
EPSS
41.8%
CVE-2024-0800 HIGH POC This Week

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Udp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-0799 CRITICAL POC Act Now

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2023-42000 CRITICAL POC Act Now

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Udp
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-41999 CRITICAL POC Act Now

An authentication bypass exists in Arcserve UDP prior to version 9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-41998 CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2023-26258 CRITICAL POC THREAT Act Now

Arcserve UDP through 9.0.6034 allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
37.7%
CVE-2018-18660 MEDIUM PATCH This Month

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Udp
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-18659 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Udp
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-18658 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-18657 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD
CVSS 3.0
7.5
EPSS
1.3%
EPSS 1% CVSS 9.2
CRITICAL This Week

A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Udp
NVD
EPSS 0% CVSS 7.7
HIGH This Month

An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Udp
NVD
EPSS 42% CVSS 7.5
HIGH POC THREAT This Week

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Udp
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Udp
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Udp
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An authentication bypass exists in Arcserve UDP prior to version 9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
EPSS 15% CVSS 9.8
CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
EPSS 38% CVSS 9.8
CRITICAL POC THREAT Act Now

Arcserve UDP through 9.0.6034 allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Udp
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Udp
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy