CVE-2013-4810

Published: Sep 16, 2013Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Affected (5)

Products: Hp: Application Lifecycle Management, Procurve Manager

2 products

Application Lifecycle Management

Procurve Manager

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hp Application Lifecycle Management	All versions
Hp Procurve Manager	Version 3.20
Hp Procurve Manager	Version 3.20
Hp Procurve Manager	Version 4.0
Hp Procurve Manager	Version 4.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (15)

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

Source: hp-security-alert@hp.com

Broken LinkVendor Advisory

http://marc.info/?l=bugtraq&m=138696448823753&w=2

Source: hp-security-alert@hp.com

Mailing List

http://marc.info/?l=bugtraq&m=143039425503668&w=2

Source: hp-security-alert@hp.com

Mailing List

http://secunia.com/advisories/54788

Source: hp-security-alert@hp.com

Broken LinkVendor Advisory

http://www.securitytracker.com/id/1029010

Source: hp-security-alert@hp.com

Broken LinkThird Party AdvisoryVDB Entry

http://zerodayinitiative.com/advisories/ZDI-13-229/

Source: hp-security-alert@hp.com

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/28713/

Source: hp-security-alert@hp.com

ExploitThird Party AdvisoryVDB Entry

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://marc.info/?l=bugtraq&m=138696448823753&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://marc.info/?l=bugtraq&m=143039425503668&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://secunia.com/advisories/54788

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.securitytracker.com/id/1029010

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://zerodayinitiative.com/advisories/ZDI-13-229/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/28713/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-4810

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.