CVE-2015-4069

Name of the Vulnerable Software and Affected Versions Arcserve UDP versions prior to 5.0 Update 4

Description The issue allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the getBackupPolicy or getBackupPolicies method. This is related to the EdgeServiceImpl web service in Arcserve UDP.

Recommendations For versions prior to 5.0 Update 4, update to version 5.0 Update 4 or later to resolve the issue. As a temporary workaround, consider restricting access to the EdgeServiceImpl web service until a patch is applied. Avoid using the getBackupPolicy and getBackupPolicies methods in the affected API endpoint until the issue is resolved.