HIGH🇵🇱 Wersja polska

CVE-2013-4809

CVSS 7.5v2.0pub. 2013-09-16upd. 2026-04-29

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • HP Identity Driven Manager

    APP
    Hp
    4.0
  • HP Procurve Manager

    APP
    Hp
    3.204.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2013-4810CRITICAL9.8⚠ KEVten sam produkt

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application ...

CVE-2013-4811HIGH10.0ten sam produkt

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ ...

CVE-2013-4812HIGH10.0ten sam produkt

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20...

CVE-2013-4813HIGH10.0ten sam produkt

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Iden...

CVE-2007-4514MEDIUM5.0ten sam produkt

Unspecified vulnerability in HP ProCurve Manager and HP ProCurve Manager Plus 2.3 and earlier allows remote at...