CVE-2013-4823
Published 2013-10-13
Priority: P3 · 41
Severity: medium, 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 37.54% (98.3th percentile)
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1607.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center | — | — |
Detection & IOCs (extracted from sources)
- Look for unauthenticated HTTP requests to the DownloadServlet endpoint (/imc/bims/downloadServlet) containing directory traversal sequences (e.g., ../../../../) in the fileName parameter.
- Alert on requests to /imc/bims/downloadServlet with a fileName parameter containing path traversal patterns (../). The vulnerable endpoint requires no authentication, so any such request from an external/untrusted source is suspicious.
- Vulnerability is confirmed on HP IMC 5.1 E0202 with BIMS 5.1 E0201 on Windows 2003 SP2; traversal depth and accessible paths may differ on other OS/version combinations.
- The vulnerability details (exact vectors) are officially described as unspecified by HP/NVD; the DownloadServlet traversal vector is sourced from the Metasploit module, not the official advisory.
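The two detection bullets above can be applied to web access logs as follows. This is an added example, not a rule from this page's sources; it assumes combined-format access log lines, and the sample lines, addresses and file names are constructed. It also decodes percent-encoding repeatedly and accepts backslash separators, which goes slightly beyond the literal `../` pattern named above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/imc/bims/downloadservlet"  # endpoint from the page, compared case-insensitively
PARAM = "filename"                      # fileName parameter, compared case-insensitively
# Source address and request target of a combined-format log line (format is an assumption).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by / or \ (or by the start/end of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample lines: two traversal attempts, one benign download, one other endpoint.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Oct/2013:10:01:02 +0000] "GET /imc/bims/downloadServlet?fileName=../../../../example.txt HTTP/1.1" 200 477',
    '203.0.113.9 - - [13/Oct/2013:10:01:05 +0000] "GET /imc/bims/downloadServlet?fileName=%252e%252e%255cexample.txt HTTP/1.1" 200 12',
    '192.0.2.10 - - [13/Oct/2013:10:02:00 +0000] "GET /imc/bims/downloadServlet?fileName=report..2013.cfg HTTP/1.1" 200 900',
    '192.0.2.10 - - [13/Oct/2013:10:02:09 +0000] "GET /imc/login.jsf?fileName=../x HTTP/1.1" 200 10',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(lines):
    """Return (source address, decoded fileName) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if fully_decode(url.path).lower().rstrip("/") != ENDPOINT:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name.lower() == PARAM and TRAVERSAL_RE.search(decoded):
                hits.append((m.group("src"), decoded))
    return hits

if __name__ == "__main__":
    for src, value in find_traversal_requests(SAMPLE_LOG):
        print(f"ALERT src={src} fileName={value!r}")
```

Because the endpoint requires no authentication, every hit is worth triage regardless of the response status code.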
No detection rules found.
No writeups or analysis indexed.