| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2012-6299 | | | Bypass | 2012-12-26 | 2012-12-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors. |
|
| 2 | CVE-2012-6298 | | | Exec Code | 2012-12-26 | 2012-12-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors. |
|
| 3 | CVE-2012-5973 | 94 | | Exec Code | 2012-12-10 | 2012-12-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. |
|
| 4 | CVE-2012-2972 | 20 | | DoS | 2012-10-20 | 2013-01-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. |
|
| 5 | CVE-2012-2971 | 94 | | DoS Exec Code | 2012-10-20 | 2013-01-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. |
|
| 6 | CVE-2012-1662 | 20 | | DoS | 2012-03-21 | 2012-11-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. |
|
| 7 | CVE-2012-1453 | 264 | | Bypass | 2012-03-21 | 2012-11-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. |
|
| 8 | CVE-2012-1446 | 264 | | Bypass | 2012-03-21 | 2012-07-27 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. |
|
| 9 | CVE-2012-1440 | 264 | | Bypass | 2012-03-21 | 2012-03-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. |
|
| 10 | CVE-2012-0692 | 264 | | +Priv | 2012-10-02 | 2013-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. |
|
| 11 | CVE-2012-0691 | 264 | | +Priv | 2012-10-02 | 2013-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. |
|
| 12 | CVE-2011-4054 | 79 | | XSS | 2011-12-08 | 2012-03-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter. |
|
| 13 | CVE-2011-3849 | | | DoS | 2011-11-18 | 2011-11-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 and CA Directory r12 before SP7 CR1 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP packet. |
|
| 14 | CVE-2011-3011 | 200 | | Exec Code +Info | 2011-08-15 | 2011-09-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors. |
|
| 15 | CVE-2011-2667 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-07-28 | 2011-09-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request. |
|
| 16 | CVE-2011-1899 | 79 | | XSS | 2011-05-16 | 2011-09-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
|
| 17 | CVE-2011-1826 | 20 | | | 2011-05-05 | 2011-09-06 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
| 18 | CVE-2011-1825 | 79 | | XSS | 2011-05-05 | 2011-09-06 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
| 19 | CVE-2011-1719 | 119 | | Exec Code Overflow | 2011-04-26 | 2011-09-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1. |
|
| 20 | CVE-2011-1718 | 20 | | +Priv | 2011-04-26 | 2011-09-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data. |
|
| 21 | CVE-2011-1655 | 310 | | Exec Code | 2011-04-18 | 2011-04-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The management.asmx module in the Management Web Service in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 sends a cleartext response to unspecified getDBConfigSettings requests, which makes it easier for remote attackers to obtain database credentials, and subsequently execute arbitrary code, by sniffing the network, related to the UNCWS Web Service. |
|
| 22 | CVE-2011-1654 | 22 | | Exec Code Dir. Trav. | 2011-04-18 | 2011-04-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Directory traversal vulnerability in the Heartbeat Web Service in CA.Itm.Server.ManagementWS.dll in the Management Server in CA Total Defense (TD) r12 before SE2 allows remote attackers to execute arbitrary code via directory traversal sequences in the GUID parameter in an upload request to FileUploadHandler.ashx. |
|
| 23 | CVE-2011-1653 | 89 | | Exec Code Sql | 2011-04-18 | 2012-02-13 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. |
|
| 24 | CVE-2011-1036 | | | | 2011-02-25 | 2011-09-21 | 8.8 | None | Remote | Medium | Not required | None | Complete | Complete |
The XML Security Database Parser class in the XMLSecDB ActiveX control in the HIPSEngine component in the Management Server before 8.1.0.88, and the client before 1.6.450, in CA Host-Based Intrusion Prevention System (HIPS) 8.1, as used in CA Internet Security Suite (ISS) 2010, allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via vectors involving the SetXml and Save methods. |
|
| 25 | CVE-2011-0758 | 189 | | DoS Exec Code Overflow | 2011-02-10 | 2011-09-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. |
|
| 26 | CVE-2010-5156 | 362 | | Exec Code Bypass | 2012-08-25 | 2012-08-27 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete |
** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 6.0.0.272 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. |
|
| 27 | CVE-2010-4502 | 189 | 1 | DoS Exec Code Overflow | 2010-12-08 | 2010-12-09 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite Plus 2010 allows local users to cause a denial of service (pool corruption) and execute arbitrary code via crafted arguments to the 0x88000080 IOCTL, which triggers a buffer overflow. |
|
| 28 | CVE-2010-3984 | 119 | | Exec Code Overflow | 2011-01-07 | 2011-01-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. |
|
| 29 | CVE-2010-2193 | 20 | | Exec Code | 2010-06-09 | 2010-06-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors. |
|
| 30 | CVE-2010-2157 | | | +Info | 2010-06-07 | 2010-06-13 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors. |
|
| 31 | CVE-2010-1223 | 119 | | Exec Code Overflow | 2010-04-07 | 2010-04-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service. |
|
| 32 | CVE-2010-1222 | 287 | | +Info | 2010-04-07 | 2010-04-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
CA XOsoft r12.5 does not properly perform authentication, which allows remote attackers to obtain potentially sensitive information via a SOAP request. |
|
| 33 | CVE-2010-1221 | 287 | | | 2010-04-07 | 2010-04-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. |
|
| 34 | CVE-2010-0640 | 79 | | XSS | 2010-02-24 | 2010-03-02 | 2.6 | None | Remote | High | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request. |
|
| 35 | CVE-2009-4225 | 119 | 1 | Exec Code Overflow | 2009-12-08 | 2011-01-04 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method. |
|
| 36 | CVE-2009-4149 | 79 | | XSS | 2009-12-09 | 2009-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. |
|
| 37 | CVE-2009-3588 | | | DoS | 2009-10-13 | 2009-10-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. |
|
| 38 | CVE-2009-3587 | | | DoS Exec Code | 2009-10-13 | 2009-11-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588. |
|
| 39 | CVE-2009-2740 | 399 | | DoS | 2009-08-19 | 2009-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. |
|
| 40 | CVE-2009-2705 | 264 | | XSS Bypass | 2009-08-11 | 2009-08-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. |
|
| 41 | CVE-2009-2704 | 264 | | XSS Bypass | 2009-08-11 | 2009-08-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). |
|
| 42 | CVE-2009-2026 | 119 | | Exec Code Overflow | 2009-08-10 | 2009-08-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data. |
|
| 43 | CVE-2009-1761 | 20 | | DoS | 2009-06-16 | 2009-06-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for Windows allows remote attackers to cause a denial of service (crash) via (1) an invalid 0x13 message, which is not properly handled in the ASCORE module, or (2) a 0x3B message with invalid stub data that triggers an RPC marshalling error. |
|
| 44 | CVE-2009-0682 | 20 | | DoS | 2009-08-19 | 2009-09-02 | 2.1 | None | Local | Low | Not required | None | None | Partial |
vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before 9.0.0.184 in Internet Security Suite r4, and vetmonnt.sys before 10.0.0.217 in Internet Security Suite r5 do not properly verify IOCTL calls, which allows local users to cause a denial of service (system crash) via a crafted call. |
|
| 45 | CVE-2009-0043 | 264 | | Exec Code | 2009-01-08 | 2009-02-12 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors. |
|
| 46 | CVE-2009-0042 | | | Bypass | 2009-01-27 | 2009-02-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file. |
|
| 47 | CVE-2008-5529 | 20 | | Bypass | 2008-12-12 | 2009-01-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
|
| 48 | CVE-2008-5415 | | | Exec Code | 2008-12-11 | 2011-01-05 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete |
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure. |
|
| 49 | CVE-2008-4400 | 20 | | DoS | 2008-10-14 | 2009-02-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation." |
|
| 50 | CVE-2008-4399 | 20 | | DoS | 2008-10-14 | 2009-02-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation." |