CVE-2007-2281

2022-10-0316:14:37

CWE-189

[email protected]

web.nvd.nist.gov

cve-2007-2281

application recovery manager

hp openview

storage data protector

remote code execution

integer overflow

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.206 Low

EPSS

Percentile

96.4%

JSON

Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.

Affected configurations

NVD

Node

hpopenview_storage_data_protectorMatch5.50

hpopenview_storage_data_protectorMatch6.0

CPENameOperatorVersion
hp:openview_storage_data_protectorhp openview storage data protectoreq5.50
hp:openview_storage_data_protectorhp openview storage data protectoreq6.0