Every CVE whose affected-product data names Arcserve Udp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2025-34523 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP)…
CVE-2023-26258 — CVSS 9.8 (critical): Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the…
CVE-2023-41998 — CVSS 9.8 (critical): Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists…
CVE-2023-41999 — CVSS 9.8 (critical): An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication…
CVE-2023-42000 — CVSS 9.8 (critical): Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An…
CVE-2024-0799 — CVSS 9.8 (critical): An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve…
CVE-2025-34520 — CVSS 9.8 (critical): An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized…
CVE-2025-34522 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be…
CVE-2024-0800 — CVSS 8.8 (high): A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.ba…
CVE-2018-18658 — CVSS 7.5 (high): An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-20 Unauthenticated…
CVE-2018-18659 — CVSS 7.5 (high): An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-19 Unauthenticated XXE in…
CVE-2024-0801 — CVSS 7.5 (high): A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
CVE-2018-18657 — CVSS 7.5 (high): An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-18 Unauthenticated…
CVE-2018-18660 — CVSS 6.1 (medium): An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site…
CVE-2025-34521 — CVSS 5.4 (medium): A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where…