
You patch my back(up) and I’ll patch yours… Arcserve bugs burrow remotely exploited holes in UDP storage systems


Companies running Arcserve Unified Data Protection to manage their backups and archives are being advised to update their software after bug hunters discovered four remotely exploitable security vulnerabilities.

Researchers with Digital Defense this month identified four holes that, if exploited via a phishing attack or malicious webpage, would allow an attacker to lift credentials or access data stored in the UDP data archiving and recovery system via its web services components.

The Digital Defense crew said the bug bundle consists of two different information disclosure flaws (one in /gateway/services/EdgeServiceImpl and the other via /UDPUpdates/Config/FullUpdateSettings.xml), a cross-site scripting vulnerability (in /authenticationendpoint/domain.jsp), and an XML External Entity flaw that could allow data disclosure via /management/UdpHttpService.

“The vulnerabilities can open the door for potential compromise of sensitive data through access to credentials, phishing attacks and the ability for a hacker to read files without authentication from the hosting system,” Digital Defense explained.

The vulnerabilities are only present in the Web Services components of the UDP Console and UDP Gateway – the two tools used by admins to access and manage backup archives. Machines running the UDP Recovery Point Server and UDP Agent software are not affected.

Fortunately for Arcserve customers, Digital Defense said it privately disclosed the vulnerabilities, and Arcserve has already put out a patch. Those running UDP 6.5 Update 4 and Update 3 can download the fixes directly from Arcserve, while companies using UDP on a standalone gateway will still need to manually install the patch on those boxes.
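For admins reviewing UDP Console or Gateway web logs around the patch window, the sketch below flags requests to the four paths named above. It is an added example, not code from Arcserve or Digital Defense; the combined-style log layout, case-insensitive matching and the sample lines are assumptions.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths named in the article, lowercased, mapped to the flaw class reported for each.
WATCHED = {
    "/gateway/services/edgeserviceimpl": "information disclosure",
    "/udpupdates/config/fullupdatesettings.xml": "information disclosure",
    "/authenticationendpoint/domain.jsp": "cross-site scripting",
    "/management/udphttpservice": "XML external entity",
}

# Assumed layout: Apache/Tomcat "combined"-style access log lines.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def normalize(target):
    """Canonicalize a request target so encoded or padded paths still match."""
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
    path = re.sub(r";[^/]*", "", path)        # drop ;path-parameters
    path = re.sub(r"/+", "/", path)           # collapse repeated slashes
    return posixpath.normpath(path).lower()   # resolve ./.. and trailing slash

def scan(lines):
    """Return {source_ip: [(flaw_class, method, watched_path, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        path = normalize(m["target"])
        for watched, flaw in WATCHED.items():
            if path == watched or path.startswith(watched + "/"):
                hits[m["ip"]].append((flaw, m["method"], watched, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not from a real system).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2019:10:00:00 +0000] "GET /management/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2019:10:00:02 +0000] "POST /management/UdpHttpService HTTP/1.1" 200 1833',
    '203.0.113.7 - - [01/Jan/2019:10:00:05 +0000] "GET /UDPUpdates//Config/%46ullUpdateSettings.xml HTTP/1.1" 200 940',
    '198.51.100.9 - - [01/Jan/2019:10:01:00 +0000] "GET /authenticationendpoint/x/../domain.jsp?a=b HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        for flaw, method, path, status in found:
            print(f"{ip} {method} {path} -> {status} ({flaw})")
```

A hit only shows that the path was requested; legitimate console traffic may touch the same paths, so compare source addresses against known admin hosts.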

 
