CVE-2011-1736

{"id": "CVE-2011-1736", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-07T19:55:01.497", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://osvdb.org/72195", "source": "hp-security-alert@hp.com"}, {"url": "http://secunia.com/advisories/44402", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/47638", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id?1025454", "source": "hp-security-alert@hp.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-11-152/", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en OmniInet.exe en Backup Client Service en HP OpenView Storage Data Protector v6.00, v6.10, y v6.11 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de secuencias de salto de directorio en un nombre de fichero en un mensaje GET_FILE."}], "lastModified": "2018-10-09T19:31:59.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:openview_storage_data_protector:6.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD25EB53-4062-4054-BBB9-AF0676E86C98"}, {"criteria": "cpe:2.3:a:hp:openview_storage_data_protector:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F55A6FD-8104-4A26-A803-F8971AED5940"}, {"criteria": "cpe:2.3:a:hp:openview_storage_data_protector:6.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42BAF885-79EF-418C-A391-751AA8593E85"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}