CA BrightStor has been found to contain several vulnerabilities. The issues identified are buffer overflows and directory traversal vulnerabilities. Both vulnerabilities exist in ARCServer Backup versions 11.0, 11.1, and 11.5. The buffer overflows exist in the xdr functions in the ARCServer server. The directory traversal could potentially also be used to execute code by writing to a startup or configuration file. CA has released updates for these issues, and they should be tested and deployed as soon as possible.