{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"CA ARCserve Backup for Laptops and Desktops r11.1 SP1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Desktop Management Suite 11.1.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Desktop Management Suite 11.2 English ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA ARCserve Backup for Laptops and Desktops r11.0 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA ARCserve Backup for Laptops and Desktops r11.1 SP2 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA ARCserve Backup for Laptops and Desktops r11.5 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA ARCserve Backup for Laptops and Desktops r11.1 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CA Desktop Management Suite 11.2 localized ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans CA ARCserve Backup for\nLaptops and Desktops Server :\n\n-   la premi\u00e8re est li\u00e9e \u00e0 un filtrage insuffisant d'arguments par le\n    service LGServer (CVE-2008-1328) ;\n-   la seconde est li\u00e9e \u00e0 une v\u00e9rification insuffisante lors du\n    t\u00e9l\u00e9chargement de fichiers (upload) par le service NetBackup\n    (CVE-2008-1329).\n\nL'exploitation de ces vuln\u00e9rabilit\u00e9s permet l'ex\u00e9cution de code\narbitraire \u00e0 distance. Seul le serveur est concern\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-1328","url":"https://www.cve.org/CVERecord?id=CVE-2008-1328"},{"name":"CVE-2008-1329","url":"https://www.cve.org/CVERecord?id=CVE-2008-1329"}],"links":[],"reference":"CERTA-2008-AVI-185","revisions":[{"description":"version initiale.","revision_date":"2008-04-08T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Deux vuln\u00e9rabilit\u00e9s dans <span class=\"textit\">CA ARCserve Backup for\nLaptops and Desktops Server</span> permettent l'ex\u00e9cution de code\narbitraire \u00e0 distance.\n","title":"Vuln\u00e9rabilit\u00e9s dans CA ARCserve Backup","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 03 avril 2008","url":"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105"}]}