CVE-2011-0921

critical HPE
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
4.7%
Exploitation probability in 30 days
Top 11% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: February 9, 2011 (5574 days ago)
Last Modified: April 29, 2026
Vendor: HPE
Source: NVD

Description

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to execute arbitrary code by sending unspecified data over TCP, related to the webreporting client, the applet domain, and the java username.

CWE

CWE-20

Affected Products

hp data protector

References

🔗 dvlabs.tippingpoint.com 🔗 marc.info 🔗 www.securityfocus.com 🔗 www.vupen.com 🔗 zerodayinitiative.com