{"api_version":"1","generated_at":"2026-04-23T06:17:40+00:00","cve":"CVE-2007-2139","urls":{"html":"https://cve.report/CVE-2007-2139","api":"https://cve.report/api/cve/CVE-2007-2139.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2139","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2139"},"summary":{"title":"CVE-2007-2139","description":"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-04-25 20:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/23635","name":"http://www.securityfocus.com/bid/23635","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Computer Associates BrightStor ArcServe Media Server Multiple Remote Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/24972","name":"http://secunia.com/advisories/24972","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CA BrightStor ARCserve Backup Media Server Multiple Buffer Overflows - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/35326","name":"http://osvdb.org/35326","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html","name":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ZDI-07-022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1529","name":"http://www.vupen.com/english/advisories/2007/1529","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"inode/x-empty","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/979825","name":"http://www.kb.cert.org/vuls/id/979825","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#979825","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp","name":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017952","name":"http://www.securitytracker.com/id?1017952","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CA BrightStor ArcServe Media Server Buffer Overflows Let Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/466790/100/0/threaded","name":"http://www.securityfocus.com/archive/1/466790/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/2628","name":"http://securityreason.com/securityalert/2628","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2139","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2139","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"11.5","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"brightstor_arcserve_backup","cpe6":"9.01","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"business_protection_suite","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"broadcom","cpe5":"server_protection_suite","cpe6":"2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"brightstor_arcserve_backup","cpe6":"11","cpe7":"*","cpe8":"windows","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"business_protection_suite","cpe6":"2.0","cpe7":"*","cpe8":"microsoft_sbs_premium","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ca","cpe5":"business_protection_suite","cpe6":"2.0","cpe7":"*","cpe8":"microsoft_sbs_standard","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:23:50.811Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"2628","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/2628"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"},{"name":"VU#979825","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/979825"},{"name":"35326","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/35326"},{"name":"24972","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24972"},{"name":"brightstor-sun-rpc-bo(33854)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"},{"name":"23635","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/23635"},{"name":"20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/466790/100/0/threaded"},{"name":"1017952","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017952"},{"name":"ADV-2007-1529","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1529"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-04-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-16T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"2628","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/2628"},{"tags":["x_refsource_CONFIRM"],"url":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"},{"name":"VU#979825","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/979825"},{"name":"35326","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/35326"},{"name":"24972","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24972"},{"name":"brightstor-sun-rpc-bo(33854)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"},{"name":"23635","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/23635"},{"name":"20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/466790/100/0/threaded"},{"name":"1017952","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017952"},{"name":"ADV-2007-1529","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1529"},{"tags":["x_refsource_MISC"],"url":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2139","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"2628","refsource":"SREASON","url":"http://securityreason.com/securityalert/2628"},{"name":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp","refsource":"CONFIRM","url":"http://supportconnectw.ca.com/public/storage/infodocs/babmedser-secnotice.asp"},{"name":"VU#979825","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/979825"},{"name":"35326","refsource":"OSVDB","url":"http://osvdb.org/35326"},{"name":"24972","refsource":"SECUNIA","url":"http://secunia.com/advisories/24972"},{"name":"brightstor-sun-rpc-bo(33854)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33854"},{"name":"23635","refsource":"BID","url":"http://www.securityfocus.com/bid/23635"},{"name":"20070424 ZDI-07-022: CA BrightStor ArcServe Media Server Multiple Buffer Overflow Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/466790/100/0/threaded"},{"name":"1017952","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017952"},{"name":"ADV-2007-1529","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1529"},{"name":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html","refsource":"MISC","url":"http://www.zerodayinitiative.com/advisories/ZDI-07-022.html"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2139","datePublished":"2007-04-25T20:00:00.000Z","dateReserved":"2007-04-18T00:00:00.000Z","dateUpdated":"2024-08-07T13:23:50.811Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-04-25 20:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*","matchCriteriaId":"F52790F8-0D23-47F4-B7F7-6CB0F7B6EA14"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*","matchCriteriaId":"E37161BE-6AF5-40E0-BD63-2C17431D8B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:sp2:*:*:*:*:*:*","matchCriteriaId":"C689BA77-8B88-4742-9AF1-567E12B92E17"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:business_protection_suite:2.0:*:*:*:*:*:*:*","matchCriteriaId":"328E1C42-488A-43FC-8DF2-758DC73B74AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:server_protection_suite:2:*:*:*:*:*:*:*","matchCriteriaId":"A8781759-7B4C-47C3-8A60-8CA5520360C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*","matchCriteriaId":"6E236148-4A57-4FDC-A072-A77D3DD2DB53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_premium:*:*:*:*:*","matchCriteriaId":"2429EE00-5359-4C47-A634-8DBC57253266"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:business_protection_suite:2.0:*:microsoft_sbs_standard:*:*:*:*:*","matchCriteriaId":"F33EE596-0901-4A13-BAA1-1A7C7C16AD27"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2139","Ordinal":"1","Title":"CVE-2007-2139","CVE":"CVE-2007-2139","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2139","Ordinal":"1","NoteData":"Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.","Type":"Description","Title":"CVE-2007-2139"},{"CveYear":"2007","CveId":"2139","Ordinal":"2","NoteData":"2007-04-25","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2139","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}