Directory Traversal Vulnerabilities in HP Data Protector's Cell Request Service
CVE-2014-5160

Currently unrated

Key Information:

Vendor

HP

Vendor
CVE Published:
1 August 2014

What is CVE-2014-5160?

HP Data Protector's Cell Request Service has multiple directory traversal vulnerabilities that allow remote attackers to manipulate files on the system. By exploiting an opcode-1091 request, attackers may create arbitrary files, while opcode-305 requests can be used to create or delete files. Although the vendor claims this behavior is by design, the implications for security are significant, making this a concern for users of the product.

References

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-5160 : Directory Traversal Vulnerabilities in HP Data Protector's Cell Request Service