CVE-2011-4791

2022-10-0316:15:14

CWE-94

[email protected]

web.nvd.nist.gov

cve-2011-4791

dbserver.exe

hp data protector

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.064 Low

EPSS

Percentile

93.7%

JSON

DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.

Affected configurations

NVD

Node

hpdata_protector_media_operationsRange≤6.11

hpdata_protector_media_operationsMatch5.0

hpdata_protector_media_operationsMatch5.1

hpdata_protector_media_operationsMatch5.5

hpdata_protector_media_operationsMatch6.10

CPENameOperatorVersion
hp:data_protector_media_operationshp data protector media operationsle6.11
hp:data_protector_media_operationshp data protector media operationseq5.0
hp:data_protector_media_operationshp data protector media operationseq5.1
hp:data_protector_media_operationshp data protector media operationseq5.5
hp:data_protector_media_operationshp data protector media operationseq6.10

CPE	Name	Operator	Version
hp:data_protector_media_operations	hp data protector media operations	le	6.11
hp:data_protector_media_operations	hp data protector media operations	eq	5.0
hp:data_protector_media_operations	hp data protector media operations	eq	5.1
hp:data_protector_media_operations	hp data protector media operations	eq	5.5
hp:data_protector_media_operations	hp data protector media operations	eq	6.10