Description: UDP Console expose JMX port without authentication which can be exploited by JMX remote attack and make the system unsecure.
The CVE number assigned to this is CVE-2016-9927
The problem is not applicable in UDP 6.5
For installations on UDP 5 or UDP 6 please follow the below solution.
Please upgrade to UDP 6.5
If you still would like to continue with Arcserve UDP v5 and Arcserve UDP v6, please follow the below steps for fixing it.
1. Open registry to go to HEKY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\ Procrun 2.0\ CAARCAppSvc\ Parameters\ Java
2. Click Options on the right-hand panel and below screenshot will show up
3. Remove the highlighted parameters in the above screenshot.
4. Restart Arcserve UDP Management Service.