CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4812

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0050%
EPSS Percentile9.35th
PublishedSep 16, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Affected Platforms (CPE)

πŸ“¦
Hp

Identity Driven Manager

= 4.0
πŸ“¦
Hp

Procurve Manager

= 3.20
πŸ“¦
Hp

Procurve Manager

= 4.0

References & Advisories

πŸ”— http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
πŸ”— http://secunia.com/advisories/54788
πŸ”— http://www.securitytracker.com/id/1029010
πŸ”— http://zerodayinitiative.com/advisories/ZDI-13-225/
πŸ”— http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
πŸ”— http://secunia.com/advisories/54788
πŸ”— http://www.securitytracker.com/id/1029010
πŸ”— http://zerodayinitiative.com/advisories/ZDI-13-225/

Related Vulnerabilities

CVE-2013-481110.0

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Id...

CVE-2013-481310.0

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager ...

CVE-2013-48109.8

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management...

CVE-2013-48097.5

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Ident...