Vulnerability Description
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Identity Driven Manager | 4.0 |
| Hp | Procurve Manager | 3.20 |
Related Weaknesses (CWE)
References
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dVendor Advisory
- http://secunia.com/advisories/54788
- http://www.securitytracker.com/id/1029010
- http://zerodayinitiative.com/advisories/ZDI-13-227/
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dVendor Advisory
- http://secunia.com/advisories/54788
- http://www.securitytracker.com/id/1029010
- http://zerodayinitiative.com/advisories/ZDI-13-227/
FAQ
What is CVE-2013-4809?
CVE-2013-4809 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitra...
How severe is CVE-2013-4809?
CVE-2013-4809 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4809?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Identity Driven Manager, Hp Procurve Manager.