CVE-2011-3011
CA Arcserve D2d - Information Disclosure
Title source: ruleDescription
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/41707
metasploit
WORKING POC
EXCELLENT
by bannedit, rgod · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ca_arcserve_rpc_authbypass.rb
References (4)
Scores
EPSS
0.7034
EPSS Percentile
98.7%
Details
CWE
CWE-200
Status
published
Products (1)
ca/arcserve_d2d
r15
Published
Aug 15, 2011
Tracked Since
Feb 18, 2026