Aniway.Anyway

**Name of the Vulnerable Software and Affected Versions** HP Network Virtualization for LoadRunner and Performance Center versions 8.61 and 11.52 **Description** The issue allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component. This can be exploited by a remote attacker to access sensitive information. **Recommendations** For versions 8.61 and 11.52, consider restricting access to the HttpServlet and NetworkEditorController components until a patch is available. As a temporary workaround, avoid using specially crafted URLs that could exploit this issue in the affected components. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP Storage Data Protector version 6.2X **Description** The issue allows remote attackers to execute arbitrary commands or cause a denial of service. This is achieved by sending a crafted EXEC BAR packet to TCP port 5555. **Recommendations** For HP Storage Data Protector version 6.2X, consider restricting access to TCP port 5555 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EMC AlphaStor version 4.0 before build 800 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved through a DCP "run command" operation in the NetWorker command processor in rrobotd.exe within the Device Manager. **Recommendations** For EMC AlphaStor version 4.0 before build 800, update to build 800 or later to resolve the issue. As a temporary workaround, consider restricting access to the DCP "run command" operation to minimize the risk of exploitation.