HP Data Protector - Arbitrary Command Execution (CVE-2016-2004)

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.

HPE数据保护者版本7.03_108之前、8.x版本8.15之前以及9.x版本9.06之前的产品允许远程攻击者通过未指定的与认证不足相关的向量执行任意代码。此漏洞存在的原因是对CVE-2014-2623漏洞的不完整修复。