Vulnerability Description
Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. NOTE: the vendor reportedly asserts that this behavior is "by design.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Data Protector | 6.10 |
Related Weaknesses (CWE)
References
- http://zerodayinitiative.com/advisories/ZDI-14-262/
- http://zerodayinitiative.com/advisories/ZDI-14-263/
- http://zerodayinitiative.com/advisories/ZDI-14-262/
- http://zerodayinitiative.com/advisories/ZDI-14-263/
FAQ
What is CVE-2014-5160?
CVE-2014-5160 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Multiple directory traversal vulnerabilities in crs.exe in the Cell Request Service in HP Data Protector allow remote attackers to create arbitrary files via an opcode-1091 request, or create or delet...
How severe is CVE-2014-5160?
CVE-2014-5160 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5160?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Data Protector.