CVE-2011-3011

critical

Description

BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.

References

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B7D3ACC0F-6C01-4BE2-B5C0-C430CEB45BE6%7D

http://www.securityfocus.com/archive/1/519234/100/0/threaded

http://securityreason.com/securityalert/8338

Details

Source: Mitre, NVD

Published: 2011-08-15

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics