Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4812 — Improper Input Validation in HP Identity Driven Manager

CWE-20 — Improper Input Validation6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

74.0%

top 1.17%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

HP Identity Driven Manager HP Procurve Manager

Timeline

PublishedSep 16

Latest updateMay 17

Description

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDhp/identity_driven_manager4.0

▶NVDhp/procurve_manager3.20, 4.0+1

🔴Vulnerability Details

GHSA

GHSA-pqwr-88wq-5h52: UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3↗2022-05-17

▶

CVEList

CVE-2013-4812: UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3↗2013-09-13

▶

💥Exploits & PoCs

Exploit-DB

HP ProCurve Manager SNAC - UpdateCertificatesServlet Arbitrary File Upload (Metasploit)↗2013-09-17

▶

Metasploit

HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload↗

▶

🕵️Threat Intelligence

Greynoiseio

NoiseLetter March 2026↗

▶