QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4397

Published: Oct 14, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

ca-arcservebackup-message-command-execution(45774)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability

mailing-list

x_refsource_BUGTRAQ

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20081009 CA ARCserve Backup Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.