CVE-2007-5328

high

Description

The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure."

References

http://secunia.com/advisories/27192

http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp

http://www.securityfocus.com/archive/1/482121/100/0/threaded

http://www.securityfocus.com/archive/1/484229/100/0/threaded

http://www.securityfocus.com/bid/26015

http://www.securitytracker.com/id?1018805

http://www.vupen.com/english/advisories/2007/3470

http://www.zerodayinitiative.com/advisories/ZDI-07-069.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/37067

Details

Source: MITRE

Published: 2007-10-13

Updated: 2021-04-07

Type: CWE-264

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

ID: 26970

Name: CA BrightStor ARCserve Backup Multiple Remote Vulnerabilities (QO91094)

Product: Nessus

Family: Windows

Severity: critical