CVE-2015-4068

CRITICAL KEV

Arcserve Udp < 5.0 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive information or cause a denial of service via a crafted file path to the (1) reportFileServlet or (2) exportServlet servlet.

References (5)

Scores

CVSS v3 9.1
EPSS 0.8042
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CISA KEV 2022-03-25
VulnCheck KEV 2022-01-12
InTheWild.io 2022-03-25
ENISA EUVD EUVD-2015-4094
CWE
CWE-22
Status published
Products (2)
arcserve/udp 5.0
arcserve/udp < 5.0
Published May 29, 2015
KEV Added Mar 25, 2022
Tracked Since Feb 18, 2026