[Japanese]

JVNDB-2010-001494

Arbitrary Code Execution Vulnerability in CA ARCserve Backup and BrightStor ARCserve Backup

Overview

The version of JRE shipped with CA ARCserve Backup and BrightStor ARCserve Backup is vulnerable to arbitrary code execution.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


CA Technologies
  • CA ARCserve Backup r12.5 for Windows
  • CA ARCserve Backup r12.0 for Windows
  • CA ARCserve Backup r11.5 for Windows
Hitachi, Ltd
  • BrightStor ARCserve Backup r11.5 for Windows
  • BrightStor ARCserve Backup r11.5 for Windows SAN Secondary Server Bundle
  • BrightStor ARCserve Backup r11.5 for Windows Microsoft SQL Suite
  • BrightStor ARCserve Backup r11.5 for Windows Microsoft Exchange Suite
  • CA ARCserve Backup r12.5 for Windows
  • CA ARCserve Backup r12.5 for Windows SAN Secondary Server Bundle
  • CA ARCserve Backup r12 for Windows
  • CA ARCserve Backup r12 for Windows SAN Secondary Server Bundle

Impact

A remote attacker could execute arbitrary code on the affected system.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

CA Technologies Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-005
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/06/08]
      Web page published

Date Public2010/03/18
Date First Published2010/06/08
Date Last Updated2010/06/08