CA20100603-01: Security Notice for CA ARCserve Backup
Issued: June 03, 2010
CA Technologies support is alerting customers to a security risk with CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can potentially allow a local attacker to gain sensitive information.
CA ARCserve Backup r12.5 SP1
CA ARCserve Backup r12.0 SP2
CA ARCserve Backup r11.5 SP4
CA ARCserve Backup r15.0
How to determine if the installation is affected
CA ARCserve Backup r12.5, r12.0, r11.5 Windows:
- Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status.
- The main patch status screen will indicate if the patches in the below table are applied. If the patches are not applied, then the installation is vulnerable.
For more information on the ARCserve Patch Management utility, read document TEC446265.
CA ARCserve Backup r12.5:
CA ARCserve Backup 12.0:
CA ARCserve Backup 11.5:
CVE-2010-2157 - ARCserve Backup information disclosure
Version 1.0: Initial Release
If additional information is required, please contact CA Support at https://support.ca.com/.
If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Product Vulnerability Response Team.