Vulnerability Description
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Data Protector | All versions |
Related Weaknesses (CWE)
References
- http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
- http://marc.info/?l=bugtraq&m=130391284726795&w=2
- http://www.securityfocus.com/bid/46234
- http://www.vupen.com/english/advisories/2011/0308Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-11-057/
- http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
- http://marc.info/?l=bugtraq&m=130391284726795&w=2
- http://www.securityfocus.com/bid/46234
- http://www.vupen.com/english/advisories/2011/0308Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-11-057/
FAQ
What is CVE-2011-0921?
CVE-2011-0921 is a vulnerability with a CVSS score of 10.0 (HIGH). crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execu...
How severe is CVE-2011-0921?
CVE-2011-0921 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0921?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Data Protector.