CVE-2023-41998

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 2, 2023

CWE ID 434

Summary

CVE-2023-41998 is a newly disclosed vulnerability affecting Arcserve UDP versions prior to 9.2. The issue lies in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface, where a routine enables an attacker to upload and execute arbitrary files. This vulnerability can lead to serious consequences if exploited, including potential data theft or system compromise. Organizations using Arcserve UDP are urged to apply the available patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Arcserve Unified Data Protection

Affected Vendors

Arcserve (USA) LLC

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/smdhFt
https://www.cve.org/CVERecord?id=CVE-2023-41998
https://nvd.nist.gov/vuln/detail/CVE-2023-41998

Back to Vulnerability Database