HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CPENameOperatorVersion
hp:procurve_managerhp procurve managereq3.20
hp:procurve_managerhp procurve managereq4.0
hp:application_lifecycle_managementhp application lifecycle managementeq-
hp:identity_driven_managerhp identity driven managereq4.0

CPE	Name	Operator	Version
hp:procurve_manager	hp procurve manager	eq	3.20
hp:procurve_manager	hp procurve manager	eq	4.0
hp:application_lifecycle_management	hp application lifecycle management	eq	-
hp:identity_driven_manager	hp identity driven manager	eq	4.0

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

marc.info/?l=bugtraq&m=138696448823753&w=2

marc.info/?l=bugtraq&m=143039425503668&w=2

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-229/

www.exploit-db.com/exploits/28713/

attackerkb 2

prion 5

nessus 18

openvas 3

saint 8

thn 2

threatpost 4

cisa_kev 2

zdi 1

veracode 9

seebug 5

securityvulns 13

packetstorm 4

canvas 1

metasploit 1

cve 4

checkpoint_advisories 2

cert 1

exploitdb 4

exploitpack 1

hackerone 1

nmap 1

kitploit 2

redhat 9

fireeye 1

attackerkb

CVE-2013-4810

2013-09-16 00:00:00

CVE-2010-0738

2010-04-28 00:00:00

prion

Design/Logic Flaw

2013-09-16 13:01:00

Input validation

2010-04-28 22:30:00

Authentication flaw

2007-02-21 11:28:00

nessus

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities

2013-10-14 00:00:00

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

2011-04-08 00:00:00

Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)

2013-07-11 00:00:00

openvas

Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

2013-10-15 00:00:00

Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check

2019-07-12 00:00:00

Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check

2010-04-28 00:00:00

saint

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

2013-10-23 00:00:00

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

2013-10-23 00:00:00

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

2013-10-23 00:00:00

thn

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 04:13:00

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 15:13:00

threatpost

JBoss AS Attacks Up Since Exploit Code Disclosed

2013-11-19 16:07:59

JBoss Worm Exploiting Old Bug to Infect Unpatched Servers

2011-10-21 11:50:17

3.2 Million Servers Vulnerable to JBoss Attack

2016-04-18 14:11:34

cisa_kev

HP Multiple Products Remote Code Execution Vulnerability

2022-03-25 00:00:00

Red Hat JBoss Authentication Bypass Vulnerability

2022-05-25 00:00:00

zdi

HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability

2013-09-11 00:00:00

veracode

Information Disclosure

2020-04-10 00:42:53

Plaintext Weak Encryption

2019-05-02 04:46:04

Information Disclosure

2019-05-02 04:46:22

seebug

JBoss addURL Misconfiguration Attack

2011-10-05 00:00:00

JBoss JMX Console Beanshell Deployer WAR upload and deployment

2014-07-01 00:00:00

JBoss, JMX Console, misconfigured DeploymentScanner

2014-07-01 00:00:00

securityvulns

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-10-31 00:00:00

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-11-21 00:00:00

EMC Data Protection Advisor / Connectrix Manager security vulnerabilities

2014-01-08 00:00:00

packetstorm

JBoss addURL Misconfiguration Attack

2011-10-03 00:00:00

JBoss JMX Console Beanshell Deployer WAR Upload And Deployment

2010-06-24 00:00:00

JBoss DeploymentFileRepository WAR Deployment

2012-09-05 00:00:00

canvas

Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER

2010-04-28 22:30:00

metasploit

JBoss JMX Console Deployer Upload and Execute

2012-07-10 17:33:28

cve

CVE-2010-0738

2010-04-28 22:30:00

CVE-2012-0874

2013-02-05 23:55:00

CVE-2007-1036

2007-02-21 11:28:00

checkpoint_advisories

RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)

2010-06-29 00:00:00

JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)

2019-01-29 00:00:00

cert

JBoss Application Server may not properly restrict access to the administrative interface

2007-02-20 00:00:00

exploitdb

JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)

2011-01-10 00:00:00

JBoss & JMX Console - Misconfigured Deployment Scanner

2011-10-03 00:00:00

JBoss JMX - Console Deployer Upload and Execute (Metasploit)

2010-10-19 00:00:00

exploitpack

Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

2015-02-03 00:00:00

hackerone

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

2019-02-27 10:58:19

nmap

http-vuln-cve2010-0738 NSE Script

2012-09-07 23:42:39

kitploit

clusterd - Application Server Attack Toolkit

2017-09-25 21:04:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

redhat

(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update

2010-04-27 00:00:00

(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update

2013-02-20 00:00:00

(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update

2013-01-31 00:00:00

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.5 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.915 High

EPSS

Percentile

98.9%

JSON

Related for CVE-2013-4810

attackerkb2 prion5 nessus18 openvas3 saint8 thn2 threatpost4 cisa_kev2 zdi1 veracode9 seebug5 securityvulns13 packetstorm4 canvas1 metasploit1 cve4 checkpoint_advisories2 cert1 exploitdb4 exploitpack1 hackerone1 nmap1 kitploit2 redhat9 fireeye1