CA20100603-01: Security Notice for CA ARCserve Backup
1805
24 May 2019
24 May 2019
OPEN
Issued: June 03, 2010
CA Technologies support is alerting customers to a security risk with CA ARCserve Backup. A vulnerability exists, CVE-2010-2157, that can potentially allow a local attacker to gain sensitive information.
Risk Rating
Medium
Platform
Windows
Affected Products
CA ARCserve Backup r12.5 SP1
CA ARCserve Backup r12.0 SP2
CA ARCserve Backup r11.5 SP4
Non-Affected Products
CA ARCserve Backup r15.0
How to determine if the installation is affected
CA ARCserve Backup r12.5, r12.0, r11.5 Windows:
- Run the ARCserve Patch Management utility. From the Windows Start menu, the program can be found under Programs->CA->ARCserve Patch Management->Patch Status.
- The main patch status screen will indicate if the patches in the below table are applied. If the patches are not applied, then the installation is vulnerable.
| Product | Patch |
| CA ARCserve Backup r12.5 Windows | RO17300 |
| CA ARCserve Backup r12.0 Windows | RO17301 and RO17302 |
| CA ARCserve Backup r11.5 Windows | RO17303 and RO17306 |
For more information on the ARCserve Patch Management utility, read document TEC446265.
Solution
CA ARCserve Backup r12.5:
CA ARCserve Backup 12.0:
CA ARCserve Backup 11.5:
Workaround
None
References
CVE-2010-2157 - ARCserve Backup information disclosure
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Support at https://support.ca.com/.
If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Product Vulnerability Response Team.