Security News > 2016 > April > Critical flaws in HP Data Protector open servers to remote attacks (Help Net Security)
2016-04-25 14:41
Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information. HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems. There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical. No more details about them have been … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/L_EIU4zHFYs/
Related news
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- Critical Ivanti vTM auth bypass bug now exploited in attacks (source)
- HPE patches three critical security holes in Aruba PAPI (source)
- Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-04-21 | CVE-2016-2004 | Missing Authentication for Critical Function vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. | 9.3 |
| 2016-04-21 | CVE-2016-2007 | Request Remote Code Execution vulnerability in HP Data Protector HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. | 10.0 |