CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.4%
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Vendor | Product | Version | CPE |
---|---|---|---|
hp | data_protector | 6.10 | cpe:2.3:a:hp:data_protector:6.10:*:*:*:*:*:*:* |
hp | data_protector | 6.11 | cpe:2.3:a:hp:data_protector:6.11:*:*:*:*:*:*:* |