PT-2025-34946 · Arcserve · Arcserve Unified Data Protection
Watchtowr
·
Publicado
2025-08-27
·
Atualizado
2026-03-01
·
CVE-2025-34520
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Arcserve Unified Data Protection (UDP) versions prior to 10.2
Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1
Arcserve Unified Data Protection (UDP) versions 7.x and earlier
Description:
An authentication bypass in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. Attackers can bypass login mechanisms without valid credentials and access administrator-level features by manipulating request parameters or exploiting a logic flaw.
Recommendations:
Upgrade to Arcserve Unified Data Protection (UDP) version 10.2.
Apply the available patch for Arcserve Unified Data Protection (UDP) versions 8.0 through 10.1.
Upgrade to Arcserve Unified Data Protection (UDP) version 10.2 from versions 7.x and earlier.
Correção
Authentication Bypass Using an Alternate Path or Channel
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Arcserve Unified Data Protection