CVE-2011-0921
HP Data Protector - Remote Code Execution via Credential Validation Bypass
Title source: llmDescription
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.
References (5)
Core 5
Core References
Various Sources x_refsource_misc
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=130391284726795&w=2
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0308
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-11-057/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46234
Scores
EPSS
0.0418
EPSS Percentile
88.8%
Details
CWE
CWE-20
Status
published
Products (1)
hp/data_protector
Published
Feb 09, 2011
Tracked Since
Feb 18, 2026