Vulnerability Description
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Identity Driven Manager | 4.0 |
| Hp | Procurve Manager | 3.20 |
Related Weaknesses (CWE)
References
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dVendor Advisory
- http://secunia.com/advisories/54788
- http://www.securitytracker.com/id/1029010
- http://zerodayinitiative.com/advisories/ZDI-13-226/
- http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?dVendor Advisory
- http://secunia.com/advisories/54788
- http://www.securitytracker.com/id/1029010
- http://zerodayinitiative.com/advisories/ZDI-13-226/
FAQ
What is CVE-2013-4811?
CVE-2013-4811 is a vulnerability with a CVSS score of 10.0 (HIGH). UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert ...
How severe is CVE-2013-4811?
CVE-2013-4811 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4811?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Identity Driven Manager, Hp Procurve Manager.