Release DateNov 26, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a SQL Injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for PersonalComputers. The vulnerability is a result of the application's failure to properly sanitize user input in the administrator interface. As a result, a remote attacker can leverage this vulnerability to execute arbitrary SQL queries on a target system. |
Affected ProductsHP Data Protector for Personal Computers 7.0 and priorHP Data Protector Notebook Extension 6.20 and prior |
Recommended ActionsApply patches or fixes, available from the website:https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03058866&ac. admitted=1321285525395.876444892.492883150 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-3162 |
