SQL Injection Vulnerabilities in HP ProCurve Manager and Identity Driven Manager
CVE-2013-4809

Currently unrated

Key Information:

Vendor: HP
Status: Procurve Manager; Identity Driven Manager
Vendor: CVE Published:; 16 September 2013

Summary

The vulnerabilities identified in HP ProCurve Manager and Identity Driven Manager allow remote attackers to exploit SQL injection flaws through crafted requests. By manipulating parameters such as 'sort' or 'dir', unauthorized users can execute arbitrary SQL commands, potentially compromising database integrity and confidentiality. This security issue underscores the need for proper input validation and security measures to defend against injection attacks.

References

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

http://zerodayinitiative.com/advisories/ZDI-13-227/

x_refsource_MISC

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Sep 16, 2013
Vulnerability Reserved
Jul 12, 2013