HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay?docId=emr_na-c03897409

marc.info?l=bugtraq&m=138696448823753&w=2

marc.info?l=bugtraq&m=143039425503668&w=2

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-229

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810

www.exploit-db.com/exploits/28713

prion 5

cve 5

nessus 18

openvas 3

seebug 5

securityvulns 13

veracode 9

saint 8

cisa_kev 2

canvas 1

threatpost 4

packetstorm 4

metasploit 1

attackerkb 1

checkpoint_advisories 2

thn 2

zdi 1

cert 1

exploitdb 4

exploitpack 1

hackerone 1

nmap 1

kitploit 2

redhat 9

fireeye 1

prion

Design/Logic Flaw

2013-09-16 13:01:00

Input validation

2010-04-28 22:30:00

Authentication flaw

2007-02-21 11:28:00

cve

CVE-2013-4810

2013-09-16 13:01:00

CVE-2010-0738

2010-04-28 22:30:00

CVE-2012-0874

2013-02-05 23:55:00

nessus

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities

2013-10-14 00:00:00

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

2011-04-08 00:00:00

JBoss Java Object Deserialization RCE

2015-12-10 00:00:00

openvas

Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

2013-10-15 00:00:00

Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check

2019-07-12 00:00:00

Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check

2010-04-28 00:00:00

seebug

JBoss JMX Console Beanshell Deployer WAR upload and deployment

2014-07-01 00:00:00

JBoss addURL Misconfiguration Attack

2011-10-05 00:00:00

JBoss, JMX Console, misconfigured DeploymentScanner

2014-07-01 00:00:00

securityvulns

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-10-31 00:00:00

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-11-21 00:00:00

EMC Data Protection Advisor / Connectrix Manager security vulnerabilities

2014-01-08 00:00:00

veracode

Information Disclosure

2020-04-10 00:42:53

Plaintext Weak Encryption

2019-05-02 04:46:04

Privilege Escalation

2019-05-02 04:46:47

saint

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

cisa_kev

Red Hat JBoss Authentication Bypass Vulnerability

2022-05-25 00:00:00

HP Multiple Products Remote Code Execution Vulnerability

2022-03-25 00:00:00

canvas

Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER

2010-04-28 22:30:00

threatpost

JBoss Worm Exploiting Old Bug to Infect Unpatched Servers

2011-10-21 11:50:17

JBoss AS Attacks Up Since Exploit Code Disclosed

2013-11-19 16:07:59

3.2 Million Servers Vulnerable to JBoss Attack

2016-04-18 14:11:34

packetstorm

JBoss JMX Console Beanshell Deployer WAR Upload And Deployment

2010-06-24 00:00:00

JBoss addURL Misconfiguration Attack

2011-10-03 00:00:00

JBoss DeploymentFileRepository WAR Deployment

2012-09-05 00:00:00

metasploit

JBoss JMX Console Deployer Upload and Execute

2012-07-10 17:33:28

attackerkb

CVE-2010-0738

2010-04-28 00:00:00

checkpoint_advisories

RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)

2010-06-29 00:00:00

JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)

2019-01-29 00:00:00

thn

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 04:13:00

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 15:13:00

zdi

HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability

2013-09-11 00:00:00

cert

JBoss Application Server may not properly restrict access to the administrative interface

2007-02-20 00:00:00

exploitdb

JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)

2011-01-10 00:00:00

JBoss & JMX Console - Misconfigured Deployment Scanner

2011-10-03 00:00:00

JBoss JMX - Console Deployer Upload and Execute (Metasploit)

2010-10-19 00:00:00

exploitpack

Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

2015-02-03 00:00:00

hackerone

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

2019-02-27 10:58:19

nmap

http-vuln-cve2010-0738 NSE Script

2012-09-07 23:42:39

kitploit

clusterd - Application Server Attack Toolkit

2017-09-25 21:04:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

redhat

(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update

2010-04-27 00:00:00

(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update

2013-02-20 00:00:00

(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update

2013-01-31 00:00:00

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for AKB:042526B3-4F4D-49D3-A3D1-B483FB66CF4C