CVE-2015-4068
KEV
🔴 Patch now
Exploitation of a directory traversal vulnerability in Arcserve UDP allows sensitive data to be obtained remotely.
CVSS
9.1
EPSS
80.4%
Exploit
weaponized
Vendor
arcserve
Source description (NVD)
Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.
dos path-traversal
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.1 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 80.4% |
| Published (NVD) | 2015-05-29 15:59:23 UTC |
| Last modified (NVD) | 2026-04-21 16:27:29 UTC |
References
- http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html (cve@mitre.org) [Release Notes, Vendor Advisory]
- http://www.securityfocus.com/bid/74845 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.zerodayinitiative.com/advisories/ZDI-15-241/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
- http://www.zerodayinitiative.com/advisories/ZDI-15-242/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4068 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]