CVE-2010-3984

CVSS V2 High 7.5 CVSS V3 None
Description
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.
Overview
  • CVE ID
  • CVE-2010-3984
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2011-01-07T23:00:19
  • Last Modified Date
  • 2018-10-10T20:06:09
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ca:arcserve_replication_and_high_availability:r15.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_content_distribution:r12.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_content_distribution:r12.5:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_high_availability:r12.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_high_availability:r12.5:sp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_replication:r12.0:sp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ca:xosoft_replication:r12.5:sp2:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.zerodayinitiative.com/advisories/ZDI-10-263/
http://secunia.com/advisories/42561 Vendor Advisory
http://www.securityfocus.com/bid/45317
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7bFEB41CE8-5023-46DF-B257-5299F492BF23%7d Vendor Advisory
http://www.securitytracker.com/id?1024852
http://www.securityfocus.com/archive/1/515115/100/0/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2010-3984
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3984
History
Created Old Value New Value Data Type Notes
2022-05-10 18:30:18 Added to TrackCVE