CA.BrightStor.ARCServe.Backup.LGServer.Arbitrary.File.Upload
Description
This indicates a possible exploit of a directory traversal vulnerability in CA BrightStor ARCServe Backup for Laptops and Desktops.
The vulnerability is due to insufficient access control in the LGServer process while handling file uploads from remote users.
Affected Products
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.0
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP2
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP1
Computer Associates BrightStor ARCserve Backup for Laptops and Desktop 11.5
Impact
Attackers may gain access to arbitrary files.
Recommended Actions
The vendor has issued the following fixes:
CA ARCserve Backup for Laptops and Desktops (BMB) r4.0: QO91013
CA ARCserve Backup for Laptops and Desktops 11.1: QO91014
CA ARCserve Backup for Laptops and Desktops 11.5: QO91015
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |