Check Point Reference: | CPAI-2012-100 |
Date Published: | 19 Mar 2012 |
Severity: | High |
Last Updated: | Friday 22 November, 2024 |
Source: | CVE-2011-3162 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | HP Data Protector for Personal Computers 7.0 and prior HP Data Protector Notebook Extension 6.20 and prior |
Vulnerability Description | An SQL injection vulnerability has been reported in multiple HP Data Protector products. |
Vulnerability Details | The vulnerability is due to improper sanitation of user supplied type parameters in SOAP requests. A remote attacker may exploit this issue by sending HTTP SOAP requests with a malformed type value in the request XML. Successful exploitation could cause an SQL statement execution on the server, which can result in disclosure of sensitive information, data manipulation, or possibly command execution. |
This protection will detect and block attempts to transfer specially crafted SOAP requests.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: HP Products Protection Violation
Attack Information: HP Data Protector Multiple Products FinishedCopy SQL Injection