Remote Code Execution Vulnerability in HP ProCurve Manager and IDM
CVE-2013-4811

Currently unrated

Key Information:

Vendor: HP
Status: Procurve Manager; Identity Driven Manager
Vendor: CVE Published:; 16 September 2013

Summary

The HP ProCurve Manager and Identity Driven Manager contain a security vulnerability in the UpdateDomainControllerServlet that fails to properly validate the adCert argument. This oversight allows remote attackers to upload malicious .jsp files and potentially execute arbitrary code on the server, leading to unauthorized access and manipulation of system processes. Attackers can exploit this flaw through various unspecified vectors, posing a significant risk to the affected systems.

References

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/...

vendor-advisoryx_refsource_HP

http://www.securitytracker.com/id/1029010

vdb-entryx_refsource_SECTRACK

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 16, 2013
Vulnerability Reserved
Jul 12, 2013