Improper Session Handling in CA ARCserve D2D r15 Allows Remote Credential Theft and Command Execution

Improper Session Handling in CA ARCserve D2D r15 Allows Remote Credential Theft and Command Execution

CVE-2011-3011 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.