Lucene search

[email protected]CVE-2013-4809

HistorySep 16, 2013 - 1:01 p.m.

CVE-2013-4809

2013-09-1613:01:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-4809

hp procurve manager

pcm

pcm+

identity driven manager

sql injection

remote attack

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%

JSON

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter.

CPENameOperatorVersion
hp:procurve_managerhp procurve managereq3.20
hp:procurve_managerhp procurve managereq4.0
hp:identity_driven_managerhp identity driven managereq4.0

CPE	Name	Operator	Version
hp:procurve_manager	hp procurve manager	eq	3.20
hp:procurve_manager	hp procurve manager	eq	4.0
hp:identity_driven_manager	hp identity driven manager	eq	4.0

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-227/

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.059 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2013-4809

zdi1 prion1 securityvulns4