Arcserve UDP Path Traversal File Upload Vulnerability

Arcserve UDP Path Traversal File Upload Vulnerability

CVE-2023-42000 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the UDP agent is installed.

Learn more about our Cis Benchmark Audit For Server Software.