CVE-2014-5160

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://zerodayinitiative.com/advisories/ZDI-14-262/
http://zerodayinitiative.com/advisories/ZDI-14-263/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:data_protector:6.10:::::::*
	cpe:2.3:a:hp:data_protector:6.11:::::::*

History

07 Nov 2023, 02:20

Type	Values Removed	Values Added
Summary	DISPUTED Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design."	Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

Information

Published : 2014-08-01 11:13

Updated : 2024-04-11 00:51

NVD link : CVE-2014-5160

Mitre link : CVE-2014-5160

CVE.ORG link : CVE-2014-5160

JSON object : View

Products Affected

data_protector

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

6.4 /10