⚠ Actively exploited
Added to CISA KEV on 2022-03-25. Federal agencies required to patch by 2022-04-15. Required action: Apply updates per vendor instructions..

CVE-2013-4810Code Injection in HP Procurve Manager

CWE-94Code Injection7 documents7 sources
Severity
9.8CRITICALNVD
CNA7.5
EPSS
89.6%
top 0.44%
CISA KEV
KEV
Added 2022-03-25
Due 2022-04-15
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
HP Procurve Manager
Timeline
PublishedSep 16
KEV addedMar 25
KEV dueApr 15
Latest updateMay 17
CISA Required Action: Apply updates per vendor instructions.

Description

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDhp/procurve_manager3.20, 4.0+1

🔴Vulnerability Details

3
GHSA
GHSA-mm58-72w4-25hp: HP ProCurve Manager (PCM) 32022-05-17
CVEList
CVE-2013-4810: HP ProCurve Manager (PCM) 32013-09-13
VulnCheck
HP Multiple Products Remote Code Execution Vulnerability2013

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object - Remote Code Execution2013-10-04

📋Vendor Advisories

1
CISA
HP Multiple Products Remote Code Execution Vulnerability2022-03-25

💬Community

1
Bugzilla
CVE-2013-4810 HP ProCurve Manager (PCM): invoker servlets do not require authentication2013-11-18
CVE-2013-4810 — Code Injection in HP Procurve Manager | cvebase