Security News > 2016 > April > Critical flaws in HP Data Protector open servers to remote attacks (Help Net Security)
2016-04-25 14:41
Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information. HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems. There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical. No more details about them have been … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L_EIU4zHFYs/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Major security audit of critical FreeBSD components now available (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-21 | CVE-2016-2004 | Missing Authentication for Critical Function vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. | 9.8 |
| 2016-04-21 | CVE-2016-2007 | Unspecified vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | 9.8 |