CVE-2013-4811
Summary
| CVE | CVE-2013-4811 |
|---|---|
| State | PUBLISHED |
| Assigner | hp |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-09-16 13:01:46 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Identity Driven Manager | 4.0 | All | All | All |
| Application | Hp | Procurve Manager | 3.20 | All | All | All |
| Application | Hp | Procurve Manager | 4.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | zerodayinitiative.com | |
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Documento de soporte HP - Centro de Soporte de HP | af854a3a-2127-422b-91ae-364da2661108 | h20565.www2.hp.com | Vendor Advisory |
| HP ProCurve Manager Bugs Let Remote Users Inject SQL Commands, Hijack Sessions, and Code Execution - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.