CVE-2014-5160

Currently unrated

Key Information:

Vendor: HP
Status: Data Protector
Vendor: CVE Published:; 1 August 2014

Summary

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

References

http://zerodayinitiative.com/advisories/ZDI-14-262/

x_refsource_MISC

http://zerodayinitiative.com/advisories/ZDI-14-263/

x_refsource_MISC

EPSS Score

95% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 1, 2014
Vulnerability Reserved
Jul 31, 2014