CVE-2015-4069
Arcserve Unified Data Protection < 5.0 - Exposure of Sensitive Credentials via SOAP Request
Title source: llmDescription
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74838
Vendor Advisory x_refsource_confirm
http://documentation.arcserve.com/Arcserve-UDP/Available/V5/ENU/Bookshelf_Files/HTML/Update%204/UDP_Update4_ReleaseNotes.html
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-243/
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-244/
Scores
EPSS
0.0443
EPSS Percentile
90.2%
Details
CWE
CWE-200
Status
published
Products (1)
arcserve/arcserve_unified_data_protection
< 5.0
Published
May 29, 2015
Tracked Since
Feb 18, 2026