Intrusion Prevention

Arcserve.UDP.getBackupPolicy.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in Arcserve Unified Data Protection (UDP).
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling crafted HTTP requests. A remote attacker can exploit this to gain unauthorized access to sensitive information via a crafted HTTP request.

Affected Products

Arcserve Unified Data Protection prior to Version 5.0 Update 4

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References

CVE-2015-4069