Arcserve UDP Console Communication Channel Vulnerability Leading to Information Disclosure
Vulnerability
A vulnerability has been identified in the Arcserve UDP Console version 10.3, related to the offline activation process. The issue arises from an incorrectly specified destination in the communication channel, allowing activation traffic to be redirected to a dummy URL. This misconfiguration can lead to unauthorized interception and exposure of sensitive activation data.
Impact
Exploitation of this vulnerability could result in the unintentional disclosure of activation-related information to a controlled dummy domain, potentially allowing interception of sensitive data during the activation process.
Remediation
Users are advised to apply the patch P00003790, available on the Arcserve Support Portal. The patch should be installed when no active jobs are running, as its installation will restart Arcserve UDP services.
