This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote host is affected by multiple vulnerabilities.
The version of HP Data Protector installed on the remote host is
8.x prior to 8.17, or 9.x prior to 9.09. It
is, therefore, affected by the following vulnerabilities :
- HPE Data Protector contains an unspecified overflow
condition that is triggered as certain input is not
properly validated. This may allow a remote attacker
to cause a stack-based buffer overflow, resulting in
a denial of service or potentially allowing the
execution of arbitrary code. (CVE-2017-5807)
- HPE Data Protector contains an unspecified flaw that
may allow a remote attacker to cause a denial of
service. No further details have been provided by
the vendor. (CVE-2017-5808)
- HPE Data Protector contains an unspecified flaw related
to improper permissions. This may allow a local attacker
to disclose sensitive information. No further details
have been provided by the vendor. (CVE-2017-5809)
See also :
Upgrade to HP Data Protector 8.17 / 9.09 or later per the vendor advisory.
Risk factor :
High / CVSS Base Score : 7.6