Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4811 — Improper Input Validation in HP Identity Driven Manager

CWE-20 — Improper Input Validation6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

83.5%

top 0.71%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Identity Driven Manager HP Procurve Manager

Timeline

PublishedSep 16

Latest updateMay 17

Description

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDhp/identity_driven_manager4.0

▶NVDhp/procurve_manager3.20, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-qg69-3jj3-483m: UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3↗2022-05-17

▶

CVEList

CVE-2013-4811: UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3↗2013-09-13

▶

💥Exploits & PoCs

Exploit-DB

HP ProCurve Manager - SNAC UpdateDomainControllerServlet Arbitrary File Upload (Metasploit)↗2013-09-17

▶

Metasploit

HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload↗

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter February 2026↗

▶