CVE-2007-5328

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5328
The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/27192
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp Patch
http://www.securityfocus.com/archive/1/482121/100/0/threaded
http://www.securityfocus.com/archive/1/484229/100/0/threaded
http://www.securityfocus.com/bid/26015
http://www.securitytracker.com/id?1018805
http://www.vupen.com/english/advisories/2007/3470
http://www.zerodayinitiative.com/advisories/ZDI-07-069.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/37067
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
History

07 Apr 2021, 18:20

Type Values Removed Values Added
CPE cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
cpe:2.3:a:ca:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*		 cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
Information

Published : 2007-10-13 00:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-5328

Mitre link : CVE-2007-5328

CVE.ORG link : CVE-2007-5328

JSON object : View

Products Affected

broadcom

  • brightstor_arcserve_backup
  • brightstor_enterprise_backup
CWE
CWE-264

Permissions, Privileges, and Access Controls