Search criteria
9 vulnerabilities found for data_protector by microfocus
FKIE_CVE-2021-22517
Vulnerability from fkie_nvd - Published: 2021-08-05 21:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | 10.0 | |
| microfocus | data_protector | 10.10 | |
| microfocus | data_protector | 10.20 | |
| microfocus | data_protector | 10.30 | |
| microfocus | data_protector | 10.40 | |
| microfocus | data_protector | 10.50 | |
| microfocus | data_protector | 10.60 | |
| microfocus | data_protector | 10.70 | |
| microfocus | data_protector | 10.80 | |
| microfocus | data_protector | 10.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "24DC50FA-D787-4715-8B21-C2120D566FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3C11A5-FE44-444C-ABE5-954801CB33DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D06B57-54F9-4405-B499-631D33933702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "1C01AB63-5FA4-4800-954A-2218048313A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA8B0B3-580F-40EA-85BB-7490C17F7A21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.50:*:*:*:*:*:*:*",
"matchCriteriaId": "909C0404-14C7-4C5C-B5CE-65C83E82EC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.60:*:*:*:*:*:*:*",
"matchCriteriaId": "1110D5DF-270C-443A-98C2-2591118ADBB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D4690EB0-DB47-498C-B0B8-9070019281BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.80:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3AFCF2-C7E7-43D4-B142-34B549BB94A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.91:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C88D11-4FDA-4C19-B6B6-4AFE6E13A133",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
},
{
"lang": "es",
"value": "Se ha identificado una posible vulnerabilidad de escalada de privilegios no autorizada en Micro Focus Data Protector. La vulnerabilidad afecta las versiones 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 y 10.91. Un usuario privilegiado puede potencialmente usar inapropiadamente esta funcionalidad y permitir as\u00ed un acceso no intencionado y no autorizado a los datos"
}
],
"id": "CVE-2021-22517",
"lastModified": "2024-11-21T05:50:15.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-05T21:15:10.953",
"references": [
{
"source": "security@opentext.com",
"url": "https://portal.microfocus.com/s/article/KM000001460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11660
Vulnerability from fkie_nvd - Published: 2019-09-13 18:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | * | |
| microfocus | data_protector | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9352B8F-A1F8-4253-A339-1CCBD6C83256",
"versionEndIncluding": "10.04",
"versionStartIncluding": "10.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:data_protector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349F3FA2-ED71-4680-9AC2-13E88A94DF28",
"versionEndIncluding": "10.40",
"versionStartIncluding": "10.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
},
{
"lang": "es",
"value": "Una manipulaci\u00f3n de privilegios en Micro Focus Data Protector, versiones 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. Esta vulnerabilidad podr\u00eda ser explotada por parte de un usuario poco privilegiado para ejecutar un binario personalizado con mayores privilegios."
}
],
"id": "CVE-2019-11660",
"lastModified": "2024-11-21T04:21:32.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-13T18:15:10.987",
"references": [
{
"source": "security@opentext.com",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
},
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-3476
Vulnerability from fkie_nvd - Published: 2019-03-25 17:29 - Updated: 2024-11-21 04:42
Severity ?
Summary
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | data_protector | 10.03 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:data_protector:10.03:*:*:*:*:*:*:*",
"matchCriteriaId": "55D23EE4-66F3-4DB2-A890-7D0CCEB3B4E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
},
{
"lang": "es",
"value": "Ejecuci\u00f3n remota de c\u00f3digo arbitrario en Micro Focus Data Protector, versi\u00f3n 10.03; esta vulnerabilidad podr\u00eda permitir una ejecuci\u00f3n remota de c\u00f3digo arbitrario."
}
],
"id": "CVE-2019-3476",
"lastModified": "2024-11-21T04:42:06.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T17:29:00.810",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-22517 (GCVE-0-2021-22517)
Vulnerability from cvelistv5 – Published: 2021-08-05 20:41 – Updated: 2024-08-03 18:44
VLAI?
Summary
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
Severity ?
No CVSS data available.
CWE
- Privileged escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Affected:
10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileged escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:41:05",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000001460",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22517",
"datePublished": "2021-08-05T20:41:05",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:13.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11660 (GCVE-0-2019-11660)
Vulnerability from cvelistv5 – Published: 2019-09-13 17:21 – Updated: 2024-08-04 23:03
VLAI?
Summary
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
Severity ?
No CVSS data available.
CWE
- Privileges manipulation.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Affected:
10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileges manipulation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileges manipulation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03525630",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"name": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11660",
"datePublished": "2019-09-13T17:21:26",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3476 (GCVE-0-2019-3476)
Vulnerability from cvelistv5 – Published: 2019-03-25 16:07 – Updated: 2024-08-04 19:12
VLAI?
Summary
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Data Protector |
Affected:
10.03
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.03"
}
]
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Data Protector",
"version": {
"version_data": [
{
"version_value": "10.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03337614",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3476",
"datePublished": "2019-03-25T16:07:28",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22517 (GCVE-0-2021-22517)
Vulnerability from nvd – Published: 2021-08-05 20:41 – Updated: 2024-08-03 18:44
VLAI?
Summary
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
Severity ?
No CVSS data available.
CWE
- Privileged escalation vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Affected:
10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileged escalation vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T20:41:05",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileged escalation vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000001460",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000001460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22517",
"datePublished": "2021-08-05T20:41:05",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:13.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11660 (GCVE-0-2019-11660)
Vulnerability from nvd – Published: 2019-09-13 17:21 – Updated: 2024-08-04 23:03
VLAI?
Summary
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
Severity ?
No CVSS data available.
CWE
- Privileges manipulation.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Data Protector |
Affected:
10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privileges manipulation.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Protector",
"version": {
"version_data": [
{
"version_value": "10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privileges manipulation."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03525630",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03525630"
},
{
"name": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155076/Micro-Focus-HPE-Data-Protector-SUID-Privilege-Escalation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11660",
"datePublished": "2019-09-13T17:21:26",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3476 (GCVE-0-2019-3476)
Vulnerability from nvd – Published: 2019-03-25 16:07 – Updated: 2024-08-04 19:12
VLAI?
Summary
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- Remote Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Data Protector |
Affected:
10.03
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Data Protector",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "10.03"
}
]
}
],
"datePublic": "2019-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Data Protector",
"version": {
"version_data": [
{
"version_value": "10.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03337614",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03337614"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3476",
"datePublished": "2019-03-25T16:07:28",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}