[原文]The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.
CA BrightStor ARCserve Backup Default Hardcoded Administrator Account
Remote / Network Access
Loss of Integrity
BrightStor ARCserve Backup UniversalAgent contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a hard-coded, undocumented administrative account for the Common Agent. This flaw may lead to a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.