Critical severity9.8NVD Advisory· Published Apr 21, 2016· Updated May 6, 2026

CVE-2016-2004

Description

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.

Affected products

HP/Data Protector
cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
Range: >=7.0,<7.03_108

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/137341/HP-Data-Protector-Encrypted-Communication-Remote-Command-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/39858/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/39874/nvdExploitThird Party AdvisoryVDB Entry
packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.htmlnvdThird Party AdvisoryVDB Entry
www.kb.cert.org/vuls/id/267328nvdThird Party AdvisoryUS Government Resource
www.securitytracker.com/id/1035631nvdThird Party AdvisoryVDB Entry
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.074
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000