CVE-2015-5446 : HP StoreOnce Backup system software before 3.13.1 allows remote attackers to exe

HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors.

Published 2016-01-05 11:59:02

Updated 2025-04-12 10:46:41

Source HP Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2015-5446

HP » Storeonce Backup System Software
Versions up to, including, (<=) 3.13.0
cpe:2.3:o:hp:storeonce_backup_system_software:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

4.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:H/Au:N/C:P/I:P/A:C	3.2	8.5	NIST
Access Vector: Adjacent Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Complete
7.5	HIGH	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589

HPSBST03517 rev.1 - HP StoreOnce Backup systems, Remote Execution of Arbitrary Code with Privilege Elevation, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/79392

HP StoreOnce Backup System Multiple Unspecified Security Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1034605

HP StoreOnce Backup System Bugs Let Remote Users Conduct Cross-Site Request Forgery and Cross-Site Scripting Attacks and Gain Elevated Privileges - SecurityTracker

CVEs referencing this url

Jump to