CVE-2007-5328 - Vulnerability Details

Vendors	Products
Broadcom	Brightstor Arcserve Backup Brightstor Enterprise Backup

Link	Providers
http://secunia.com/advisories/27192
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
http://www.securityfocus.com/archive/1/482121/100/0/threaded
http://www.securityfocus.com/archive/1/484229/100/0/threaded
http://www.securityfocus.com/bid/26015
http://www.securitytracker.com/id?1018805
http://www.vupen.com/english/advisories/2007/3470
http://www.zerodayinitiative.com/advisories/ZDI-07-069.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/37067

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27192", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26015"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3470"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"name": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26015"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3470"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.422Z"}, "title": "CVE Program Container", "references": [{"name": "27192", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26015"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3470"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5328", "datePublished": "2007-10-13T00:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:24:42.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2007-10-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-15T20:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 27192 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/27192 (string)

}

1 : { »

name : ca-brightstor-unspecified-security-bypass(37067) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37067 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

}

3 : { »

name : 20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/484229/100/0/threaded (string)

}

4 : { »

name : 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/482121/100/0/threaded (string)

}

5 : { »

name : 26015 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/26015 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

}

7 : { »

name : 1018805 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id?1018805 (string)

}

8 : { »

name : ADV-2007-3470 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2007/3470 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2007-5328 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 27192 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/27192 (string)

}

1 : { »

name : ca-brightstor-unspecified-security-bypass(37067) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37067 (string)

}

2 : { »

name : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

refsource : CONFIRM (string)

url : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

}

3 : { »

name : 20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/484229/100/0/threaded (string)

}

4 : { »

name : 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (string)

refsource : BUGTRAQ (string)

url : http://www.securityfocus.com/archive/1/482121/100/0/threaded (string)

}

5 : { »

name : 26015 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/26015 (string)

}

6 : { »

name : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

refsource : MISC (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

}

7 : { »

name : 1018805 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id?1018805 (string)

}

8 : { »

name : ADV-2007-3470 (string)

refsource : VUPEN (string)

url : http://www.vupen.com/english/advisories/2007/3470 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T15:24:42.422Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 27192 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/27192 (string)

}

1 : { »

name : ca-brightstor-unspecified-security-bypass(37067) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37067 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

}

3 : { »

name : 20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/484229/100/0/threaded (string)

}

4 : { »

name : 20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/482121/100/0/threaded (string)

}

5 : { »

name : 26015 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/26015 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

}

7 : { »

name : 1018805 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id?1018805 (string)

}

8 : { »

name : ADV-2007-3470 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2007/3470 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2007-5328 (string)

datePublished : 2007-10-13T00:00:00 (string)

dateReserved : 2007-10-10T00:00:00 (string)

dateUpdated : 2024-08-07T15:24:42.422Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "443AB333-2C99-42FF-8F4E-A487BF588E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*", "matchCriteriaId": "8C339825-77F9-478A-B1F7-A297D5715396", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}, {"lang": "es", "value": "El servicio Message Engine RPC en CA BrightStor ARCServe BackUp versi\u00f3n v9.01 hasta r11.5, y Enterprise Backup r10.5, permite a atacantes ejecutar c\u00f3digo arbitrario mediante el uso de ciertas \"insecure method calls\" para modificar el sistema de archivos y el registro, tambi\u00e9n se conoce como \"Privileged function exposure.\""}], "id": "CVE-2007-5328", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-13T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27192"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26015"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018805"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3470"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:* (string)

matchCriteriaId : F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 443AB333-2C99-42FF-8F4E-A487BF588E85 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C339825-77F9-478A-B1F7-A297D5715396 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E37161BE-6AF5-40E0-BD63-2C17431D8B36 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 477EE032-D183-478F-A2BF-6165277A7414 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 78AA54EA-DAF1-4635-AA1B-E2E49C4BB597 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain "insecure method calls" to modify the file system and registry, aka "Privileged function exposure." (string)

}

1 : { »

lang : es (string)

value : El servicio Message Engine RPC en CA BrightStor ARCServe BackUp versión v9.01 hasta r11.5, y Enterprise Backup r10.5, permite a atacantes ejecutar código arbitrario mediante el uso de ciertas "insecure method calls" para modificar el sistema de archivos y el registro, también se conoce como "Privileged function exposure." (string)

}

]

id : CVE-2007-5328 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2007-10-13T00:17:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/27192 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/482121/100/0/threaded (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/archive/1/484229/100/0/threaded (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/26015 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id?1018805 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://www.vupen.com/english/advisories/2007/3470 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

}

8 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37067 (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/27192 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/482121/100/0/threaded (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/484229/100/0/threaded (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/26015 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id?1018805 (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.vupen.com/english/advisories/2007/3470 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.zerodayinitiative.com/advisories/ZDI-07-069.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/37067 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object