CVE-2011-4162

2011-12-0511:55:07

CWE-119

[email protected]

web.nvd.nist.gov

protect tools

ptdam

cve-2011-4162

remote code execution

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.163 Low

EPSS

Percentile

96.0%

JSON

The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.

Affected configurations

NVD

Node

hpprotecttools_device_access_managerRange≤6.0.0.12

hpprotecttools_device_access_managerMatch6.0.0.9

hpprotecttools_device_access_managerMatch6.0.0.10

CPENameOperatorVersion
hp:protecttools_device_access_managerhp protecttools device access managerle6.0.0.12
hp:protecttools_device_access_managerhp protecttools device access managereq6.0.0.9
hp:protecttools_device_access_managerhp protecttools device access managereq6.0.0.10

CPE	Name	Operator	Version
hp:protecttools_device_access_manager	hp protecttools device access manager	le	6.0.0.12
hp:protecttools_device_access_manager	hp protecttools device access manager	eq	6.0.0.9
hp:protecttools_device_access_manager	hp protecttools device access manager	eq	6.0.0.10