Vulnerability Description
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Arcserve Backup | r12.0 |
| Broadcom | Business Protection Suite | r2 |
| Broadcom | Server Protection Suite | r2 |
| Ca | Arcserve Backup | r11.1 |
| Ca | Business Protection Suite | r2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32220Vendor Advisory
- http://securityreason.com/securityalert/4412
- http://www.securityfocus.com/archive/1/497218
- http://www.securityfocus.com/archive/1/497281/100/0/threaded
- http://www.securityfocus.com/bid/31684
- http://www.securitytracker.com/id?1021032
- http://www.vupen.com/english/advisories/2008/2777
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45774
- https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143PatchVendor Advisory
- http://secunia.com/advisories/32220Vendor Advisory
- http://securityreason.com/securityalert/4412
- http://www.securityfocus.com/archive/1/497218
- http://www.securityfocus.com/archive/1/497281/100/0/threaded
- http://www.securityfocus.com/bid/31684
- http://www.securitytracker.com/id?1021032
FAQ
What is CVE-2008-4397?
CVE-2008-4397 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary comman...
How severe is CVE-2008-4397?
CVE-2008-4397 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4397?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Arcserve Backup, Broadcom Business Protection Suite, Broadcom Server Protection Suite, Ca Arcserve Backup, Ca Business Protection Suite.