CVE-2024-0799

CRITICAL9.8

Public PoC

Description

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Arcserve / Unified Data Protection0 – 9.2
Arcserve / Unified Data Protection0 – 8.1

Exploits & PoCs

nucleiArcserve Unified Data Protection - Authentication Bypassby daffainfo

References

MISChttps://www.tenable.com/security/research/tra-2024-07