CVE-2010-3984

Severity: Unknown | EPSS: 5.32%

Last modified

CVE-2010-3984 is a vulnerability of currently unknown severity. Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx. EPSS estimates a 5.32% chance of exploitation in the next 30 days.

Description

Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.

Metrics

EPSS Probability
5.32%

91.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions | Update
Ca | Arcserve Replication And High Availability | r15.0 | Sp1
Ca | Xosoft Content Distribution | r12.0 | Sp1
Ca | Xosoft Content Distribution | r12.5 | Sp2
Ca | Xosoft High Availability | r12.0 | Sp1
Ca | Xosoft High Availability | r12.5 | Sp2
Ca | Xosoft Replication | r12.0 | Sp1
Ca | Xosoft Replication | r12.5 | Sp2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-3984?
Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft High Availability r12.0 SP1 and r12.5 SP2 rollup, CA XOsoft Content Distribution r12.0 SP1 and r12.5 SP2 rollup, and CA ARCserve Replication and High Availability (RHA) r15.0 SP1 allows remote attackers to execute arbitrary code via a crafted create_session_bab operation in a SOAP request to xosoapapi.asmx.
How severe is CVE-2010-3984?
Severity scoring for CVE-2010-3984 is pending analysis. The EPSS model estimates a 5.32% probability of exploitation in the next 30 days.
How do I fix CVE-2010-3984?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST