CVE-2018-18660

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
arcserveudp
𝑥
< 6.5
arcserveudp
6.5
arcserveudp
6.5:update_1
arcserveudp
6.5:update_2
arcserveudp
6.5:update_3
arcserveudp
6.5:update_4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.arcserve.com/s/article/360001392563?language=en_US
https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
https://support.arcserve.com/s/article/360001392563?language=en_US
https://support.arcserve.com/s/article/Security-vulnerabilities-with-Arcserve-UDP-and-fixes-for-them?language=en_US
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/