Back to search
CVE-2011-0921
Published: Feb 9, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
x_refsource_MISC
SSRT100441
vendor-advisory
x_refsource_HP
ADV-2011-0308
vdb-entry
x_refsource_VUPEN
HPSBMA02654
vendor-advisory
x_refsource_HP
http://zerodayinitiative.com/advisories/ZDI-11-057/
x_refsource_MISC
46234
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now