Release DateDec 22, 2011 |
Severitycritical |
ImpactSystem Compromise: Remote attackers can execute arbitrary SQL queries within the context of the application. |
DescriptionThis indicates an attack attempt to exploit a SQL Injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers.The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. |
Affected ProductsHP Data Protector for Personal Computers 7.0 and earlier versionsHP Data Protector Notebook Extension 6.20 and earlier versions |
Recommended ActionsApply patch available from the website.https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03058866&ac.admitted=1321021660321.876444892.199480143 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2011-3156 |
