CVE Vulnerability

CVE-2018-18660

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/ Third Party Advisory
https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US Patch Vendor Advisory
https://support.arcserve.com/s/article/360001392563?language=en_US Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:arcserve:udp:*:*:*:*:*:*:*:*
cpe:2.3:a:arcserve:udp:6.5:-:*:*:*:*:*:*
cpe:2.3:a:arcserve:udp:6.5:update_1:*:*:*:*:*:*
cpe:2.3:a:arcserve:udp:6.5:update_2:*:*:*:*:*:*
cpe:2.3:a:arcserve:udp:6.5:update_3:*:*:*:*:*:*
cpe:2.3:a:arcserve:udp:6.5:update_4:*:*:*:*:*:*
Information

Published : 2018-10-26 02:29

Updated : 2019-09-19 04:47

NVD link : CVE-2018-18660

Mitre link : CVE-2018-18660

Products Affected
No products.
CWE
CWE-79