This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hp First view 2011-08-01
Product Data Protector Last view 2018-02-15
Version 6.10 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hp:data_protector

Activity : Overall

Related : CVE

  Date Alert Description
5.5 2018-02-15 CVE-2017-5809

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

7.5 2018-02-15 CVE-2017-5808

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

9.8 2018-02-15 CVE-2017-5807

A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.

9.8 2016-04-21 CVE-2016-2008

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8 2016-04-21 CVE-2016-2007

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.

9.8 2016-04-21 CVE-2016-2006

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.

9.8 2016-04-21 CVE-2016-2005

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.

9.8 2016-04-21 CVE-2016-2004

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

6.4 2014-08-01 CVE-2014-5160

** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."

7.8 2011-08-01 CVE-2011-2399

Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-306 Missing Authentication for Critical Function
20% (1) CWE-275 Permission Issues
20% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
20% (1) CWE-20 Improper Input Validation

SAINT Exploits

Description Link
HP Data Protector missing authentication More info here

Open Source Vulnerability Database (OSVDB)

id Description
74249 HP Data Protector Media Management Daemon Unspecified Remote DoS

OpenVAS Exploits

id Description
2011-08-10 Name : HP Data Protector Media Management Daemon Denial of Service Vulnerability
File : nvt/gb_hp_data_protector_mmd_dos_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2011-B-0092 HP OpenView Data Protector Denial of Service Vulnerability
Severity: Category I - VMSKEY: V0029569

Snort® IPS/IDS

Date Description
2014-11-25 HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt
RuleID : 32346 - Type : SERVER-OTHER - Revision : 4
2014-11-19 HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt
RuleID : 32199 - Type : SERVER-OTHER - Revision : 4
2014-11-16 HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt
RuleID : 32076 - Type : SERVER-OTHER - Revision : 4
2014-03-06 HP OpenView Storage Data Protector arbitrary command execution attempt
RuleID : 29518 - Type : SERVER-OTHER - Revision : 10

Nessus® Vulnerability Scanner

id Description
2017-08-11 Name: The remote host is affected by multiple vulnerabilities.
File: hp_data_protector_hpesbgn03732.nasl - Type: ACT_GATHER_INFO
2016-05-06 Name: An application running on the remote host utilizes an embedded SSL private key.
File: hp_data_protector_hardcoded_private_key.nasl - Type: ACT_GATHER_INFO
2016-04-29 Name: The remote host is affected by multiple vulnerabilities.
File: hp_data_protector_hpsbgn03580.nasl - Type: ACT_GATHER_INFO
2011-05-10 Name: The backup service running on the remote host is affected by multiple vulnera...
File: hp_data_protector_multiple_code_exec.nasl - Type: ACT_GATHER_INFO