CVE-2013-4810 — CRITICAL (9.8)

Vulnerability Description

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hp	Application Lifecycle Management	-
Hp	Procurve Manager	3.20

Related Weaknesses (CWE)

CWE-94

References

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dBroken LinkVendor Advisory
http://marc.info/?l=bugtraq&m=138696448823753&w=2Mailing List
http://marc.info/?l=bugtraq&m=143039425503668&w=2Mailing List
http://secunia.com/advisories/54788Broken LinkVendor Advisory
http://www.securitytracker.com/id/1029010Broken LinkThird Party AdvisoryVDB Entry
http://zerodayinitiative.com/advisories/ZDI-13-229/Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/28713/ExploitThird Party AdvisoryVDB Entry
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dBroken LinkVendor Advisory
http://marc.info/?l=bugtraq&m=138696448823753&w=2Mailing List
http://marc.info/?l=bugtraq&m=143039425503668&w=2Mailing List
http://secunia.com/advisories/54788Broken LinkVendor Advisory
http://www.securitytracker.com/id/1029010Broken LinkThird Party AdvisoryVDB Entry
http://zerodayinitiative.com/advisories/ZDI-13-229/Third Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/28713/ExploitThird Party AdvisoryVDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-US Government Resource

FAQ

What is CVE-2013-4810?

CVE-2013-4810 is a vulnerability with a CVSS score of 9.8 (CRITICAL). HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled obj...

How severe is CVE-2013-4810?

CVE-2013-4810 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2013-4810?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Application Lifecycle Management, Hp Procurve Manager.