HIGH🇬🇧 English

CVE-2013-4811

CVSS 10.0v2.0pub. 2013-09-16upd. 2026-04-29

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • HP Identity Driven Manager

    APP
    Hp
    4.0
  • HP Procurve Manager

    APP
    Hp
    3.204.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2013-4810CRITICAL9.8⚠ KEVten sam produkt

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application ...

CVE-2013-4809HIGH7.5ten sam produkt

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.2...

CVE-2013-4812HIGH10.0ten sam produkt

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20...

CVE-2013-4813HIGH10.0ten sam produkt

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Iden...

CVE-2007-4514MEDIUM5.0ten sam produkt

Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote at...

CVE-2013-4811 — HIGH 10.0 | CVEbaza.pl