CRITICAL · CVE-2024-0799 · CVSS 9.8

CVE-2024-0799: Authentication Bypass in Arcserve UDP

Platform: java

Component: arcserve-unified-data-protection

Fixed in: 9.2.1, 8.1.1

AI Confidence: high · NVD · EPSS 38.9% · Reviewed: May 2026

CVE-2024-0799 describes a critical authentication bypass vulnerability discovered in Arcserve Unified Data Protection (UDP) versions 8.1 and 9.2. This flaw allows attackers to circumvent authentication mechanisms, potentially granting them unauthorized access to sensitive data and system functionalities. The vulnerability resides within the edge-app-base-webui.jar file, specifically in the com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function. A patch is available in version 9.2.1.


Impact and Attack Scenarios

The impact of CVE-2024-0799 is severe because of the ease with which an attacker can bypass authentication. Successful exploitation could give an attacker complete control over the Arcserve UDP system, including access to backups, recovery operations, and configuration settings. This could lead to data breaches, data corruption, denial of service and, if the UDP system has access to other resources, lateral movement within the network. The ability to bypass authentication significantly expands the attack surface and increases the risk of a successful compromise. This vulnerability shares characteristics with other authentication bypass flaws, where improper validation of user credentials allows unauthorized access.

Exploitation Context

CVE-2024-0799 was publicly disclosed on March 13, 2024. The vulnerability has a CVSS score of 9.8 (CRITICAL), indicating a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of exploitation suggested by the vulnerability description raises concerns about potential exploitation in the wild. It has not yet been added to the CISA KEV catalog.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

38.90% (97% percentile)

CISA SSVC

Exploitation: poc
Automatable: yes
Technical Impact: total

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, CRITICAL; source: nextguardhq.com)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: None (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

What do these metrics mean?

Attack Vector (Network): remotely exploitable over the internet. No physical or local access is required, giving the widest attack surface.
Attack Complexity (Low): no special conditions are required. The attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required (None): unauthenticated. No login or credentials are needed to exploit.
User Interaction (None): the attack is automatic and silent. The victim does nothing: no click, no file open.
Scope (Unchanged): impact is limited to the vulnerable component itself.
Confidentiality (High): complete confidentiality loss. The attacker can read all data: credentials, keys, personal data.
Integrity (High): the attacker can write, modify, or delete any data: databases, config files, or code.
Availability (High): complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: arcserve-unified-data-protection
Vendor: Arcserve

| Affected range | Fixed in |
|---|---|
| 0 – 9.2 | 9.2.1 |
| 0 – 8.1 | 8.1.1 |

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-0799 is to upgrade Arcserve Unified Data Protection to version 9.2.1 or later, which includes the necessary fix. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting network access to the UDP web interface, enforcing strong password policies, and enabling multi-factor authentication where possible. Monitoring authentication logs for suspicious activity is also recommended. After upgrading, verify the fix by attempting to access the UDP web interface with invalid credentials; authentication should be denied.

How to fix

Update Arcserve Unified Data Protection to a version that addresses the authentication bypass: 9.2.1 or later for the 9.x line, or 8.1.1 or later for the 8.x line. Refer to the vendor's website for the latest version and upgrade instructions.


Frequently asked questions

What is CVE-2024-0799 — Authentication Bypass in Arcserve UDP?

CVE-2024-0799 is a critical authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) versions 8.1 and 9.2, allowing attackers to bypass authentication and potentially gain unauthorized access.

Am I affected by CVE-2024-0799 in Arcserve UDP?

If you are using Arcserve UDP versions 8.1 or 9.2, you are potentially affected by this vulnerability. Upgrade to version 9.2.1 or later to mitigate the risk.

How do I fix CVE-2024-0799 in Arcserve UDP?

The recommended fix is to upgrade Arcserve UDP to version 9.2.1 or later. If an immediate upgrade is not possible, implement temporary workarounds like restricting network access and enforcing strong passwords.

Is CVE-2024-0799 being actively exploited?

While no public proof-of-concept exists, the ease of exploitation suggests a potential for active exploitation. Continuous monitoring is advised.

Where can I find the official Arcserve advisory for CVE-2024-0799?

Refer to the official Arcserve security advisory for detailed information and guidance: [https://www.arcserve.com/security-advisories](https://www.arcserve.com/security-advisories)
