Data Protector Security Vulnerabilities and Issues — Data Protector CVE List

Lucene search

HpData Protector

14 matches found

CVE•added 2011/02/09 1:0 a.m.•95 views

CVE-2011-0923

The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

10CVSS7.2AI score0.89891EPSS

CVE•added 2016/04/21 11:0 a.m.•64 views

CVE-2016-2004

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

9.8CVSS9.6AI score0.92734EPSS

CVE•added 2018/02/15 10:29 p.m.•59 views

CVE-2017-5807

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

10CVSS9.5AI score0.46958EPSS

CVE•added 2011/08/01 7:55 p.m.•56 views

CVE-2011-2399

Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.

7.8CVSS6.6AI score0.02687EPSS

CVE•added 2016/04/21 11:0 a.m.•52 views

CVE-2016-2006

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

10CVSS9.8AI score0.4725EPSS

CVE•added 2016/04/21 11:0 a.m.•48 views

CVE-2016-2005

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

10CVSS9.8AI score0.4725EPSS

CVE•added 2011/02/09 1:0 a.m.•44 views

CVE-2011-0922

The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.

10CVSS7.3AI score0.82006EPSS

CVE•added 2016/04/21 11:0 a.m.•43 views

CVE-2016-2008

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8CVSS9.7AI score0.1017EPSS

CVE•added 2016/04/21 11:0 a.m.•42 views

CVE-2016-2007

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

10CVSS9.8AI score0.4725EPSS

CVE•added 2018/02/15 10:29 p.m.•42 views

CVE-2017-5809

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

5.5CVSS6.6AI score0.00658EPSS

CVE•added 2011/02/09 1:0 a.m.•41 views

CVE-2011-0924

The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.

10CVSS7.6AI score0.13352EPSS

CVE•added 2018/02/15 10:29 p.m.•41 views

CVE-2017-5808

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

7.8CVSS8.1AI score0.19465EPSS

CVE•added 2011/02/09 1:0 a.m.•35 views

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the app...

10CVSS8AI score0.04712EPSS

CVE•added 2014/08/01 11:13 a.m.•30 views

CVE-2014-5160

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior...

6.4CVSS7.1AI score0.2178EPSS