Arcserve Unified Data Protection Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the web interface of Arcserve Unified Data Protection (UDP), affecting all versions prior to 10.2. This vulnerability allows remote attackers with low privileges to inject arbitrary JavaScript into pages viewed by other users. Exploitation of this issue could lead to session hijacking, credential theft, or other client-side impacts. The vulnerability requires user interaction and occurs within a shared browser context.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious JavaScript that is executed in the context of the victim's browser.

Remediation

Users can upgrade to Arcserve UDP 10.2, which includes the necessary patches. For those using versions 8.0 through 10.1, patches are available and should be applied. Customers on unsupported versions (7.x and earlier) must upgrade to 10.2.

Added: Aug 27, 2025, 10:18 PM
Updated: Aug 27, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 3.5
exploitability: 4.6
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.