CVE-2014-5160

Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hp:data_protector:6.10:*:*:*:*:*:*:*
cpe:2.3:a:hp:data_protector:6.11:*:*:*:*:*:*:*

History

07 Nov 2023, 02:20

Type Values Removed Values Added
Summary ** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design." Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.

Information

Published : 2014-08-01 11:13

Updated : 2024-08-06 12:15


NVD link : CVE-2014-5160

Mitre link : CVE-2014-5160

CVE.ORG link : CVE-2014-5160


JSON object : View

Products Affected

hp

  • data_protector
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')