Severity: : Critical
  CVE Kennungen: : CVE-2013-6194
  Advisory Date: 21 de lipca de 2015

  DESCRIPTION

HP Data Protector contains a flaw in the Backup Client Service (OmniInet.exe), as it does not properly sanitize user input, specifically path traversal style attacks supplied via Opcode 42 requests. With a specially crafted request, a remote attacker can write files outside of a restricted path to execute arbitrary code.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1006147
  Trend Micro Deep Security DPI Rule Name: 1006147 - HP Data Protector Backup Client Service Directory Traversal Vulnerability

  AFFECTED SOFTWARE AND VERSION:

  • hp storage_data_protector 6.20
  • hp storage_data_protector 6.21