cbcvebase.
CVE-2013-4826
published 2013-10-13

CVE-2013-4826: Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain…

PriorityP340medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
31.56%
98.1th percentile
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

Detection & IOCsextracted from sources · hover to see the quote

url/imc/som/fileDownload
versionHP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401
  • Detect unauthenticated HTTP requests targeting the FileDownloadServlet endpoint in HP iMC SOM component, which allows arbitrary file download with SYSTEM privileges without authentication.
  • Monitor for remote unauthenticated access to HP iMC SOM FileDownloadServlet; exploitation does not require credentials and can be performed by any remote attacker.
  • ·The vulnerability affects both HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module; both products should be assessed.
  • ·Exploitation was confirmed on Windows 2003 SP2; behavior on other OS platforms may differ.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.