Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday. The vulnerabilities Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution that improves organizations’ resilience to ransomware attacks. CVE-2023-41998 is a vulnerability in the solution’s com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface that may allow an unauthenticated, remote attacker to uploade and execute arbitrary files (and code) remotely via … More

The post PoCs for critical Arcserve UDP vulnerabilities released appeared first on Help Net Security.