Summary
| Detail | |||
|---|---|---|---|
| Vendor | Hp | First view | 2011-08-01 |
| Product | Data Protector | Last view | 2018-02-15 |
| Version | 6.10 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:hp:data_protector | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.5 | 2018-02-15 | CVE-2017-5809 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. |
| 7.5 | 2018-02-15 | CVE-2017-5808 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. |
| 9.8 | 2018-02-15 | CVE-2017-5807 | A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found. |
| 9.8 | 2016-04-21 | CVE-2016-2008 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 9.8 | 2016-04-21 | CVE-2016-2007 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. |
| 9.8 | 2016-04-21 | CVE-2016-2006 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. |
| 9.8 | 2016-04-21 | CVE-2016-2005 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. |
| 9.8 | 2016-04-21 | CVE-2016-2004 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. |
| 6.4 | 2014-08-01 | CVE-2014-5160 | Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design. |
| 7.8 | 2011-08-01 | CVE-2011-2399 | Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-306 | Missing Authentication for Critical Function |
| 20% (1) | CWE-275 | Permission Issues |
| 20% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 20% (1) | CWE-20 | Improper Input Validation |
SAINT Exploits
| Description | Link |
|---|---|
| HP Data Protector missing authentication | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 74249 | HP Data Protector Media Management Daemon Unspecified Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-08-10 | Name : HP Data Protector Media Management Daemon Denial of Service Vulnerability File : nvt/gb_hp_data_protector_mmd_dos_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2011-B-0092 | HP OpenView Data Protector Denial of Service Vulnerability Severity: Category I - VMSKEY: V0029569 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-11-25 | HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt RuleID : 32346 - Type : SERVER-OTHER - Revision : 4 |
| 2014-11-19 | HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt RuleID : 32199 - Type : SERVER-OTHER - Revision : 4 |
| 2014-11-16 | HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt RuleID : 32076 - Type : SERVER-OTHER - Revision : 4 |
| 2014-03-06 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 29518 - Type : SERVER-OTHER - Revision : 10 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-08-11 | Name: The remote host is affected by multiple vulnerabilities. File: hp_data_protector_hpesbgn03732.nasl - Type: ACT_GATHER_INFO |
| 2016-05-06 | Name: An application running on the remote host utilizes an embedded SSL private key. File: hp_data_protector_hardcoded_private_key.nasl - Type: ACT_GATHER_INFO |
| 2016-04-29 | Name: The remote host is affected by multiple vulnerabilities. File: hp_data_protector_hpsbgn03580.nasl - Type: ACT_GATHER_INFO |
| 2011-05-10 | Name: The backup service running on the remote host is affected by multiple vulnera... File: hp_data_protector_multiple_code_exec.nasl - Type: ACT_GATHER_INFO |
