CyberSec.Space Logo
Back to CVE Browser

CVE-2013-4811

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1330%
EPSS Percentile23.38th
PublishedSep 16, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Affected Platforms (CPE)

πŸ“¦
Hp

Identity Driven Manager

= 4.0
πŸ“¦
Hp

Procurve Manager

= 3.20
πŸ“¦
Hp

Procurve Manager

= 4.0

References & Advisories

πŸ”— http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
πŸ”— http://secunia.com/advisories/54788
πŸ”— http://www.securitytracker.com/id/1029010
πŸ”— http://zerodayinitiative.com/advisories/ZDI-13-226/
πŸ”— http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409
πŸ”— http://secunia.com/advisories/54788
πŸ”— http://www.securitytracker.com/id/1029010
πŸ”— http://zerodayinitiative.com/advisories/ZDI-13-226/

Related Vulnerabilities

CVE-2013-481210.0

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identi...

CVE-2013-481310.0

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager ...

CVE-2013-48109.8

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management...

CVE-2013-48097.5

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Ident...