Remote Code Execution Vulnerability in HPE Data Protector
CVE-2017-5809

5.5MEDIUM

Key Information:

Vendor
HP
Status
Data Protector
Vendor
CVE Published:
2 August 2017

Summary

A vulnerability in HPE Data Protector allows for remote arbitrary code execution, potentially enabling attackers to execute malicious code without authorization. This issue affects versions prior to 8.17 and 9.09, emphasizing the need for timely updates and security measures. Users are advised to patch their systems or upgrade to the latest versions to mitigate any security risks associated with this vulnerability.

Affected Version(s)

Data Protector prior to 8.17 and 9.09

References

https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-se...
x_refsource_MISC
https://support.hpe.com/hpsc/doc/public/display?docId=emr...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100088
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.