{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-11T04:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T00:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27192", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26015"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3470"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"name": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26015"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3470"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.422Z"}, "title": "CVE Program Container", "references": [{"name": "27192", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27192"}, {"name": "ca-brightstor-unspecified-security-bypass(37067)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"name": "20071126 ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"name": "20071011 [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"name": "26015", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26015"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"name": "1018805", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018805"}, {"name": "ADV-2007-3470", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3470"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5328", "datePublished": "2007-10-13T04:00:00.000Z", "dateReserved": "2007-10-10T04:00:00.000Z", "dateUpdated": "2024-08-07T15:24:42.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*", "matchCriteriaId": "F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "443AB333-2C99-42FF-8F4E-A487BF588E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11:*:*:*:*:*:*:*", "matchCriteriaId": "8C339825-77F9-478A-B1F7-A297D5715396", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "E37161BE-6AF5-40E0-BD63-2C17431D8B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*", "matchCriteriaId": "477EE032-D183-478F-A2BF-6165277A7414", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "78AA54EA-DAF1-4635-AA1B-E2E49C4BB597", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code by using certain \"insecure method calls\" to modify the file system and registry, aka \"Privileged function exposure.\""}, {"lang": "es", "value": "El servicio Message Engine RPC en CA BrightStor ARCServe BackUp versi\u00f3n v9.01 hasta r11.5, y Enterprise Backup r10.5, permite a atacantes ejecutar c\u00f3digo arbitrario mediante el uso de ciertas \"insecure method calls\" para modificar el sistema de archivos y el registro, tambi\u00e9n se conoce como \"Privileged function exposure.\""}], "id": "CVE-2007-5328", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-13T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27192"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26015"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018805"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3470"}, {"source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482121/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484229/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-069.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37067"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}