Remote Code Execution Vulnerability in HPE Data Protector
CVE-2017-5808

7.5HIGH

Key Information:

Vendor
HP
Status
Data Protector
Vendor
CVE Published:
15 February 2018

Summary

A critical vulnerability exists in HPE Data Protector, allowing remote attackers to execute arbitrary code without authentication. This affects users of versions prior to 8.17 and 9.09, potentially exposing sensitive data and system integrity. Attackers can exploit this flaw through crafted requests, ending in significant security risks. Regular updates and vigilance are essential for protecting your systems from these threats.

Affected Version(s)

Data Protector prior to 8.17 and 9.09

References

https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
https://www.tenable.com/security/research/tra-2017-26
x_refsource_MISC
http://www.securityfocus.com/bid/100088
vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.