PT-2016-4956 · Hewlett Packard · Hpe Data Protector

Ian Lovering

Published

2016-04-21

Updated

2019-07-12

CVE-2016-2004

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HPE Data Protector versions prior to 7.03 108 HPE Data Protector versions 8.x prior to 8.15 HPE Data Protector versions 9.x prior to 9.06

Description The issue allows remote attackers to execute arbitrary code due to a lack of authentication. This is a result of an incomplete fix for a previous security issue.

Recommendations For versions prior to 7.03 108, update to version 7.03 108 or later. For versions 8.x prior to 8.15, update to version 8.15 or later. For versions 9.x prior to 9.06, update to version 9.06 or later.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2016-2004

Affected Products

Hpe Data Protector

PT-2016-4956 · Hewlett Packard · Hpe Data Protector

CVE-2016-2004

Weakness Enumeration

Related Identifiers

Affected Products

References · 10