- Jun 9, 2013
- 6,720
Hewlett Packard has released critical security updates for its HP Data Protector software, which fix vulnerabilities that could allow remote code execution or unauthorized disclosure of information.
HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems.
There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical.
No more details about them have been shared by HP in the advisory accompanying the update, but a vulnerability note released by CERT/CC regarding CVE-2016-2004 explains that Data Protector does not authenticate users, even with Encrypted Control Communications enabled, and that could allow an unauthenticated remote attacker to execute code on the server hosting the software.
Another problem is that Data Protector contains an
Full Article. Critical flaws in HP Data Protector open servers to remote attacks - Help Net Security
HP Data Protector software is automated backup and recovery software for single-server to enterprise environments, and can be set up on Windows, Unix, and Linux operating systems.
There are six vulnerabilities in all, with CVE-2016-2004 through CVE-2016-2007 all being considered critical.
No more details about them have been shared by HP in the advisory accompanying the update, but a vulnerability note released by CERT/CC regarding CVE-2016-2004 explains that Data Protector does not authenticate users, even with Encrypted Control Communications enabled, and that could allow an unauthenticated remote attacker to execute code on the server hosting the software.
Another problem is that Data Protector contains an
Full Article. Critical flaws in HP Data Protector open servers to remote attacks - Help Net Security
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
