CVE-2011-1736

Sažetak

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240
http://osvdb.org/72195
http://secunia.com/advisories/44402
http://www.securityfocus.com/archive/1/517772/100/0/threaded
http://www.securityfocus.com/bid/47638
http://www.securitytracker.com/id?1025454
http://zerodayinitiative.com/advisories/ZDI-11-152/
https://exchange.xforce.ibmcloud.com/vulnerabilities/67209

CVSS

Base:	8.5
Impact:	7.8
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:31

Objavljeno

07-05-2011 - 19:55