Sensitive Credentials Exposure in Arcserve UDP Web Service

Sensitive Credentials Exposure in Arcserve UDP Web Service

CVE-2015-4069 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.

Learn more about our Web App Pen Testing.