Hp: >> Data Protector >> 8.14 Security Vulnerabilities
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
CVSS Score
10.0
EPSS Score
0.899
Published
2011-02-09
The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh.
CVSS Score
10.0
EPSS Score
0.134
Published
2011-02-09
Page 2