HP.Multiple.Products.LogClientInstallation.SQL.Injection
Description
This indicates an attack attempt to exploit a SQL Injection vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.
Affected Products
HP Data Protector for Personal Computers 7.0 and earlier versions
HP Data Protector Notebook Extension 6.20 and earlier versions
Impact
System Compromise: Remote attackers can execute arbitrary SQL queries within the context of the application.
Recommended Actions
Apply patch available from the website.
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03058866&ac.admitted=1321021660321.876444892.199480143
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |