CVE-2007-5006

Broadcom Brightstor Arcserve Backup L... - Authentication Bypass

Title source: rule

Description

Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores.

References (8)

[Vendor Advisory] http://secunia.com/advisories/25606

[Patch] http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp

[Patch] http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=156006

[Patch] http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35677

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/480252/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24348

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018728

[Third Party Advisory] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=598

Scores

EPSS 0.0178

EPSS Percentile 82.5%

Classification

CWE

CWE-287

Status draft

Affected Products (9)

broadcom/brightstor_arcserve_backup_laptops_desktops

broadcom/desktop_management_suite

ca/protection_suites

Timeline

Published Oct 01, 2007

Tracked Since Feb 18, 2026