Enhancements
Arcserve UDP 9.2 provides fixes and security updates including the following enhancements:
- Fixed the following vulnerability issues:
  - CVE-2023-41998 - Unauthenticated downloadAndInstallPatch RCE
  - CVE-2023-41999 - Management Authentication Bypass
  - CVE-2023-42000 - Agent Unauthenticated Path Traversal File Upload
  - Arcserve is grateful to Tenable Research for their invaluable assistance in identifying and resolving these issues. Their expertise and collaborative efforts have helped us improve our product and ensure the highest level of security for our customers.
  - Note: Fixes for these three vulnerabilities are also separately available for UDP 9.1 (Patch P00002967), UDP 8.1 (Patch P00002968), and UDP 7.0 update 2 (Patch P00002983).
- Enhanced security of stored and/or transmitted passwords as a part of backup and recovery operations.
- Enhanced security of the Arcserve SQL Express DB.
For a complete list of issues fixed in this release, see the Issues Fixed list.