Security News > 2016 > April > Critical flaws in HP Data Protector open servers to remote attacks (Help Net Security)
2016-04-25 14:41
Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information. HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems. There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical. No more details about them have been … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L_EIU4zHFYs/
Related news
- Critical flaws fixed in Nagios Log Server (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- Apache Parquet exploit tool detect servers vulnerable to critical flaw (source)
- Chinese hackers behind attacks targeting SAP NetWeaver servers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-21 | CVE-2016-2004 | Missing Authentication for Critical Function vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. | 9.8 |
| 2016-04-21 | CVE-2016-2007 | Unspecified vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | 9.8 |