Data Protector

data_protector

Vendor: Hp • 14 CVEs

CVEs (14)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-5809 1Hp 1Data Protector Nov 21, 2024 Feb 15, 2018 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
CVE-2017-5808 1Hp 1Data Protector Nov 21, 2024 Feb 15, 2018 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
CVE-2017-5807 1Hp 1Data Protector Nov 21, 2024 Feb 15, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.
CVE-2016-2008 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-2007 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
CVE-2016-2006 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353.
CVE-2016-2005 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352.
CVE-2016-2004 1Hp 1Data Protector May 6, 2026 Apr 21, 2016 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists becaus...Show more HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.Show less
CVE-2014-5160 1Hp 1Data Protector May 6, 2026 Aug 1, 2014 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files vi...Show more Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.Show less
CVE-2011-2399 1Hp 1Data Protector Apr 29, 2026 Aug 1, 2011 N/A· v4 N/A· v3 7.8 HIGH· v2 Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.
CVE-2011-0924 1Hp 1Data Protector Apr 29, 2026 Feb 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, a...Show more The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.Show less
CVE-2011-0923 1Hp 1Data Protector Apr 29, 2026 Feb 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
CVE-2011-0922 1Hp 1Data Protector Apr 29, 2026 Feb 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
CVE-2011-0921 1Hp 1Data Protector Apr 29, 2026 Feb 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by...Show more crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.Show less