Summary
This host is installed with HP Data Protector and is prone to multiple remote code execution vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and lead to denial of service conditions.
Impact Level: Application.
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
A Workaround is to apply below mentioned steps,
1. Upgrade to Data Protector A.06.20 or subsequent.
2. Enable encrypted control communication services on cell server and all clients in cell.
Insight
Multiple flaws are due to error in 'data protector inet' service, command. which allows remote remote attackers to execute arbitrary code.
Affected
HP Data Protector 6.20 and prior.
References
Severity
Classification
-
CVE CVE-2011-1514, CVE-2011-1515, CVE-2011-1865, CVE-2011-1866 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X