CVE-2013-4811

Published: Sep 16, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Affected (3)

Products: Hp: Identity Driven Manager, Procurve Manager

2 products

Identity Driven Manager

Procurve Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Hp Identity Driven Manager	Version 4.0
Hp Procurve Manager	Version 3.20
Hp Procurve Manager	Version 4.0

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

Source: hp-security-alert@hp.com

Vendor Advisory

http://secunia.com/advisories/54788

Source: hp-security-alert@hp.com

http://www.securitytracker.com/id/1029010

Source: hp-security-alert@hp.com

http://zerodayinitiative.com/advisories/ZDI-13-226/

Source: hp-security-alert@hp.com

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/54788

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029010

Source: af854a3a-2127-422b-91ae-364da2661108

http://zerodayinitiative.com/advisories/ZDI-13-226/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.