Directory Traversal Vulnerabilities in HP Data Protector's Cell Request Service
CVE-2014-5160

Currently unrated

Key Information:

Vendor: HP
Status: Data Protector
Vendor: CVE Published:; 1 August 2014

What is CVE-2014-5160?

HP Data Protector's Cell Request Service has multiple directory traversal vulnerabilities that allow remote attackers to manipulate files on the system. By exploiting an opcode-1091 request, attackers may create arbitrary files, while opcode-305 requests can be used to create or delete files. Although the vendor claims this behavior is by design, the implications for security are significant, making this a concern for users of the product.

References

http://zerodayinitiative.com/advisories/ZDI-14-262/

x_refsource_MISC

http://zerodayinitiative.com/advisories/ZDI-14-263/

x_refsource_MISC

EPSS Score

21% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2014
Vulnerability Reserved
Jul 31, 2014