Security News > 2016 > April > Critical flaws in HP Data Protector open servers to remote attacks (Help Net Security)
2016-04-25 14:41
Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information. HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems. There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical. No more details about them have been … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L_EIU4zHFYs/
Related news
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- The ongoing evolution of the CIS Critical Security Controls (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-21 | CVE-2016-2004 | Missing Authentication for Critical Function vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. | 9.8 |
| 2016-04-21 | CVE-2016-2007 | Unspecified vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | 9.8 |