10

CVE-2013-4810

Warnung
Exploit
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpProcurve Manager Version3.20 SwEdition-
HpProcurve Manager Version3.20 SwEditionplus
HpProcurve Manager Version4.0 SwEdition-
HpProcurve Manager Version4.0 SwEditionplus

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

HP Multiple Products Remote Code Execution Vulnerability

Schwachstelle

HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 79% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
Vendor Advisory
Broken Link
http://secunia.com/advisories/54788
Vendor Advisory
Broken Link
http://www.securitytracker.com/id/1029010
Third Party Advisory
Broken Link
VDB Entry
http://marc.info/?l=bugtraq&m=138696448823753&w=2
Mailing List
http://marc.info/?l=bugtraq&m=143039425503668&w=2
Mailing List
http://zerodayinitiative.com/advisories/ZDI-13-229/
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/28713/
Third Party Advisory
Exploit
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-4810
US Government Resource