CVE-2011-0924

Name of the Vulnerable Software and Affected Versions HP Data Protector (affected versions not specified)

Description The issue concerns the client in HP Data Protector, which fails to verify the contents of files associated with the EXEC CMD command. This allows remote attackers to execute arbitrary script code by providing it with a trusted filename. An example of such exploitation is demonstrated using the omni chk ds.sh script.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.