HPE Data Protector Multiple Flaws Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1035631 |
|
SecurityTracker URL: http://securitytracker.com/id/1035631
|
|
CVE Reference:
CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008
(Links to External Site)
|
Date: Apr 20 2016
|
Impact:
Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to versions 7.03_108, 8.15, and 9.06
|
Description:
Multiple vulnerabilities were reported in HPE Data Protector. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information on the target system.
A remote user can send specially crafted data to execute arbitrary code on the target system [CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007].
A remote user can send a specially crafted request to view potentially sensitive information on the target system [CVE-2016-2008].
Jon Barg of GAI NetConsult GmbH reported one vulnerability. IntR0Py (via Trend Micro's Zero Day Initiative) reported three vulnerabilities.
|
Impact:
A remote user can execute arbitrary code on the target system.
A remote user can obtain potentially sensitive information on the target system.
|
Solution:
The vendor has issued a fix (7.03_108, 8.15, 9.06).
The vendor's advisory is available at:
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
|
Vendor URL: h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988 (Links to External Site)
|
Cause:
Not specified
|
Underlying OS: Linux (Red Hat Enterprise), Linux (SuSE), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
