Udp Console
Monthly
UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.
UDP Console in Arcserve allows information disclosure when an administrator configures the activation server hostname to an arbitrary or malicious URL, causing the product to unintentionally communicate with and leak data to the attacker-controlled domain. The vulnerability requires user interaction (configuring a malicious hostname) and affects all versions of Arcserve UDP Console, with CVSS 6.3 (network-accessible, low complexity) indicating moderate real-world risk. No active exploitation or public proof-of-concept has been identified at the time of analysis.