Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:50A7294359030166EA5754B7B5D0292F
HistoryMay 31, 2016 - 12:00 a.m.

HP Data Protector missing authentication

2016-05-3100:00:00
SAINT Corporation
www.saintcorporation.com
30

0.369 Low

EPSS

Percentile

97.2%

JSON

Added: 05/31/2016
CVE: CVE-2016-2004

Background

HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments.

Problem

Data Protector does not authenticate users, even with Encrypted Control Communications enabled. This could allow an unauthenticated remote attacker to execute code on the server.

Resolution

Upgrade to HP Data Protector 7.03_108, 8.15, or 9.06 or higher.

References

<http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988&gt;
<http://www.kb.cert.org/vuls/id/267328&gt;

Limitations

Exploit works on HP Data Protector A.09.00 (Internal Build version 88) and A.07.

Related

cert 1
openvas 2
saint 3
nessus 2
zdt 2
packetstorm 2
exploitpack 2
checkpoint_advisories 1
exploitdb 2
cve 1
cvelist 1
prion 1
nvd 1
cert
cert
HP Data Protector does not perform authentication and contains an embedded SSL private key
2016-04-22 00:00:00
openvas
openvas
HP Data Protector Encrypted Communications Arbitrary Command Execution Vulnerability
2016-07-08 00:00:00
HP Data Protector Multiple Vulnerabilities (Apr 2016)
2016-04-26 00:00:00
saint
saint
HP Data Protector missing authentication
2016-05-31 00:00:00
HP Data Protector missing authentication
2016-05-31 00:00:00
HP Data Protector missing authentication
2016-05-31 00:00:00
nessus
nessus
HP Data Protector Hard-coded Cryptographic Key (HPSBGN03580)
2016-05-06 00:00:00
HP Data Protector 7.0x < 7.03 build 108 / 8.1x < 8.15 / 9.0x < 9.06 Multiple Vulnerabilities (HPSBGN03580) (Bar Mitzvah)
2016-04-29 00:00:00
zdt
zdt
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
2016-05-31 00:00:00
HP Data Protector A.09.00 - Arbitrary Command Execution
2016-05-26 00:00:00
packetstorm
packetstorm
HP Data Protector Encrypted Communication Remote Command Execution
2016-06-07 00:00:00
HP Data Protector A.09.00 Command Execution
2016-05-26 00:00:00
exploitpack
exploitpack
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
2016-05-31 00:00:00
HP Data Protector A.09.00 - Arbitrary Command Execution
2016-05-26 00:00:00
checkpoint_advisories
checkpoint_advisories
HP Data Protector Remote Command Execution (CVE-2016-2004)
2016-10-26 00:00:00
exploitdb
exploitdb
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
2016-05-31 00:00:00
HP Data Protector A.09.00 - Arbitrary Command Execution
2016-05-26 00:00:00
cve
cve
CVE-2016-2004
2016-04-21 11:00:04
cvelist
cvelist
CVE-2016-2004
2016-04-21 10:00:00
prion
prion
Authentication flaw
2016-04-21 11:00:00
nvd
nvd
CVE-2016-2004
2016-04-21 11:00:04

0.369 Low

EPSS

Percentile

97.2%

JSON
Related for SAINT:50A7294359030166EA5754B7B5D0292F
cert1openvas2saint3nessus2zdt2packetstorm2exploitpack2checkpoint_advisories1exploitdb2cve1cvelist1prion1nvd1