Storage Data Protector
by Microfocus
CVEs (61)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2004 | Cri | 0.74 | 9.8 | 0.94 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623. | ||
| CVE-2016-2008 | Cri | 0.65 | 9.8 | 0.10 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2016-2007 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | ||
| CVE-2016-2006 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. | ||
| CVE-2016-2005 | Cri | 0.65 | 9.8 | 0.20 | Apr 21, 2016 | HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. | ||
| CVE-2014-2623 | 0.10 | — | 0.89 | Jul 18, 2014 | Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-2333 | 0.10 | — | 0.90 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. | |||
| CVE-2011-1865 | 0.10 | — | 0.89 | Jul 1, 2011 | Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters. | |||
| CVE-2011-0923 | 0.09 | — | 0.81 | Feb 9, 2011 | The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory." | |||
| CVE-2013-6194 | 0.08 | — | 0.66 | Jan 4, 2014 | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | |||
| CVE-2013-2347 | 0.08 | — | 0.66 | Jan 4, 2014 | The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885. | |||
| CVE-2011-0922 | 0.08 | — | 0.64 | Feb 9, 2011 | The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname. | |||
| CVE-2007-2280 | 0.08 | — | 0.60 | Dec 18, 2009 | Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments,… | |||
| CVE-2011-0514 | 0.07 | — | 0.49 | Jan 20, 2011 | The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530. | |||
| CVE-2019-11660 | 0.06 | — | 0.08 | Sep 13, 2019 | Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | |||
| CVE-2013-2335 | 0.05 | — | 0.61 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. | |||
| CVE-2013-2332 | 0.05 | — | 0.62 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. | |||
| CVE-2013-2331 | 0.05 | — | 0.61 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. | |||
| CVE-2013-2330 | 0.05 | — | 0.61 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. | |||
| CVE-2013-2329 | 0.05 | — | 0.61 | Jun 6, 2013 | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. |
- risk 0.74cvss 9.8epss 0.94
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
- risk 0.65cvss 9.8epss 0.10
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
- risk 0.65cvss 9.8epss 0.20
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
- CVE-2014-2623Jul 18, 2014risk 0.10cvss —epss 0.89
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2013-2333Jun 6, 2013risk 0.10cvss —epss 0.90
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
- CVE-2011-1865Jul 1, 2011risk 0.10cvss —epss 0.89
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
- CVE-2011-0923Feb 9, 2011risk 0.09cvss —epss 0.81
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
- CVE-2013-6194Jan 4, 2014risk 0.08cvss —epss 0.66
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
- CVE-2013-2347Jan 4, 2014risk 0.08cvss —epss 0.66
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
- CVE-2011-0922Feb 9, 2011risk 0.08cvss —epss 0.64
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
- CVE-2007-2280Dec 18, 2009risk 0.08cvss —epss 0.60
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments,…
- CVE-2011-0514Jan 20, 2011risk 0.07cvss —epss 0.49
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
- CVE-2019-11660Sep 13, 2019risk 0.06cvss —epss 0.08
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
- CVE-2013-2335Jun 6, 2013risk 0.05cvss —epss 0.61
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733.
- CVE-2013-2332Jun 6, 2013risk 0.05cvss —epss 0.62
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654.
- CVE-2013-2331Jun 6, 2013risk 0.05cvss —epss 0.61
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652.
- CVE-2013-2330Jun 6, 2013risk 0.05cvss —epss 0.61
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.
- CVE-2013-2329Jun 6, 2013risk 0.05cvss —epss 0.61
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.
Page 1 of 4