Remote Code Execution Vulnerability in HPE Data Protector
CVE-2016-2008

9.8CRITICAL

Key Information:

Vendor: HP
Status: Data Protector
Vendor: CVE Published:; 21 April 2016

Summary

HPE Data Protector versions prior to 7.03_108, 8.15, and 9.06 are susceptible to a remote code execution vulnerability that could allow attackers to execute arbitrary code on affected systems. This vulnerability can be exploited through unspecified vectors, potentially leading to unauthorized access and control over the system. Organizations using these versions should prioritize updates to safeguard their infrastructure against such threats.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1035631

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 21, 2016
Vulnerability Reserved
Jan 22, 2016