Primary

Context

Arctera InfoScale Insecure Deserialization Vulnerability in .NET Remoting Endpoint

Vulnerability

A vulnerability exists in Arctera InfoScale versions 7.0 to 8.0.2, where the Windows Plugin_Host service is susceptible to exploitation through insecure deserialization of untrusted messages in a .NET remoting endpoint. This issue arises when applications are set up for Disaster Recovery using the DR wizard. The vulnerability can be mitigated by manually disabling the Plugin_Host service.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected server.

Remediation

To address this vulnerability, manually disable the Windows Plugin_Host service on the affected server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

10.0

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Arctera InfoScale Insecure Deserialization Vulnerability in .NET Remoting Endpoint

Vulnerability

Impact

Remediation

Affected Products

Veritas Arctera InfoScale

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating