cpe:/a:ca:arcserve_backup:r11.1 cpe:/a:ca:arcserve_backup:r11.5 cpe:/a:ca:arcserve_backup:r12.0 cpe:/a:ca:business_protection_suite:r2 cpe:/a:ca:business_protection_suite:r2::microsoft_small_business_server_premium cpe:/a:ca:business_protection_suite:r2::microsoft_small_business_server_standard cpe:/a:ca:server_protection_suite:r2 CVE-2008-4397 2008-10-14T17:10:35.677-04:00 2017-08-07T21:32:36.890-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-10-15T10:37:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1021032 BUGTRAQ 20081009 CA ARCserve Backup Multiple Vulnerabilities BUGTRAQ 20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability BID 31684 SECUNIA 32220 SREASON 4412 VUPEN ADV-2008-2777 IAVM IAVM:2008-B-0072 XF ca-arcservebackup-message-command-execution(45774) CONFIRM https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143 Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.