Executive Summary
Summary | |
---|---|
Title | HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code |
Informations | |||
---|---|---|---|
Name | HPSBMA02654 SSRT100441 | First vendor Publication | 2011-04-25 |
Vendor | HP | Last vendor Modification | 2011-04-25 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Potential security vulnerabilities has been identified with HP OpenView Storage Data Protector. These vulnerabilities could be remotely exploited to execute arbitrary code. |
Original Source
Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
HP Data Protector Client EXEC_CMD Command Execution | More info here |
HP Data Protector Client agent EXEC_SETUP code execution | More info here |
ExploitDB Exploits
id | Description |
---|---|
2013-08-07 | HP Data Protector Arbitrary Remote Command Execution |
2013-08-02 | HP Data Protector CMD Install Service Vulnerability (msf) |
2012-06-19 | HP Data Protector Client EXEC_CMD Remote Code Execution |
2011-08-10 | HP Data Protector Remote Root Shell for Linux |
2011-08-05 | HP Data Protector Remote Shell for HP-UX |
2011-05-29 | HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056) |
2011-05-28 | HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055) |
OpenVAS Exploits
Date | Description |
---|---|
2011-06-13 | Name : HP Data Protector Client 'EXEC_CMD' Remote Code Execution Vulnerability File : nvt/gb_hp_data_protector_exec_cmd_code_exec_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72527 | HP Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution |
72526 | HP Data Protector Client EXEC_CMD Perl Interpreter Crafted Input Remote Code ... |
72525 | HP Data Protector Client EXEC_SETUP Arbitrary Setup File Invocation Remote Co... |
72524 | HP Data Protector Cell Manager Service (crs.exe) Unspecified Authentication B... |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-31 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 50829 - Revision : 1 - Type : SERVER-OTHER |
2019-08-31 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 50828 - Revision : 1 - Type : SERVER-OTHER |
2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49893 - Revision : 2 - Type : SERVER-OTHER |
2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49892 - Revision : 1 - Type : SERVER-OTHER |
2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49891 - Revision : 1 - Type : SERVER-OTHER |
2019-05-23 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 49890 - Revision : 2 - Type : SERVER-OTHER |
2016-08-09 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 39453 - Revision : 2 - Type : SERVER-OTHER |
2016-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 37667 - Revision : 2 - Type : SERVER-OTHER |
2016-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 37666 - Revision : 2 - Type : SERVER-OTHER |
2016-03-14 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 36159 - Revision : 4 - Type : SERVER-OTHER |
2016-03-14 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 36158 - Revision : 4 - Type : SERVER-OTHER |
2014-03-15 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 29801 - Revision : 8 - Type : SERVER-OTHER |
2014-03-08 | HP OpenView Storage Data Protector buffer overflow attempt RuleID : 29630 - Revision : 6 - Type : SERVER-OTHER |
2014-03-06 | HP OpenView Storage Data Protector buffer overflow attempt RuleID : 29603 - Revision : 6 - Type : SERVER-OTHER |
2014-03-06 | HP OpenView Storage Data Protector arbitrary command execution attempt RuleID : 29518 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24223 - Revision : 7 - Type : SERVER-OTHER |
2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24222 - Revision : 7 - Type : SERVER-OTHER |
2014-01-10 | HP Data Protector client EXEC_CMD command execution attempt RuleID : 24221 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | HP Data Protector Backup Client Service code execution attempt RuleID : 18754 - Revision : 9 - Type : SERVER-OTHER |