CVE-2013-4810: HP Multiple Products Remote Code Execution Vulnerability
First published: Fri Sep 13 2013(Updated: )
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
Credit: hp-security-alert@hp.com hp-security-alert@hp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Application Lifecycle Management | ||
| Hp Identity Driven Manager | =4.0 | |
| HP ProCurve Manager | =3.20 | |
| Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management | =3.20 | |
| HP ProCurve Manager | =4.0 | |
| Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management | =4.0 | |
| Hp Procurve Manager | =3.20 | |
| Hp Procurve Manager | =4.0 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
- http://marc.info/?l=bugtraq&m=138696448823753&w=2
- http://marc.info/?l=bugtraq&m=143039425503668&w=2
- http://secunia.com/advisories/54788
- http://www.securitytracker.com/id/1029010
- http://zerodayinitiative.com/advisories/ZDI-13-229/
- https://www.exploit-db.com/exploits/28713/
- https://nvd.nist.gov/vuln/detail/CVE-2013-4810
- collector/nvd-index
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/nvd-cve
- agent/source
- vendor/hp
- canonical/hp application lifecycle management
- canonical/hp identity driven manager
- version/hp identity driven manager/4.0
- canonical/hp procurve manager
- version/hp procurve manager/3.20
- canonical/hewlett packard (hp) procurve manager (pcm), pcm+, identity driven manager (idm), and application lifecycle management
- version/hewlett packard (hp) procurve manager (pcm), pcm+, identity driven manager (idm), and application lifecycle management/3.20
- version/hp procurve manager/4.0
- version/hewlett packard (hp) procurve manager (pcm), pcm+, identity driven manager (idm), and application lifecycle management/4.0
- vendor/hewlett packard (hp)