CVE-2010-3984

CA ARCserve Replication and High Availability - Remote Code Execution via SOAP Request

Title source: llm
STIX 2.1

Description

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42561
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-263/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/515115/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45317
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024852

Scores

EPSS 0.0532
EPSS Percentile 91.7%

Details

CWE
CWE-119
Status published
Products (7)
ca/arcserve_replication_and_high_availability r15.0 sp1
ca/xosoft_content_distribution r12.0 sp1
ca/xosoft_content_distribution r12.5 sp2
ca/xosoft_high_availability r12.0 sp1
ca/xosoft_high_availability r12.5 sp2
ca/xosoft_replication r12.0 sp1
ca/xosoft_replication r12.5 sp2
Published Jan 07, 2011
Tracked Since Feb 18, 2026