HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Affected configurations

NVD

Node

hpapplication_lifecycle_managementMatch-

hpidentity_driven_managerMatch4.0

hpprocurve_managerMatch3.20

hpprocurve_managerMatch3.20plus

hpprocurve_managerMatch4.0

hpprocurve_managerMatch4.0plus

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

marc.info/?l=bugtraq&m=138696448823753&w=2

marc.info/?l=bugtraq&m=143039425503668&w=2

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-229/

www.exploit-db.com/exploits/28713/

attackerkb 2

prion 5

cve 5

cvelist 5

nessus 18

openvas 3

seebug 5

saint 8

veracode 9

cisa_kev 2

packetstorm 4

securityvulns 13

thn 2

checkpoint_advisories 2

threatpost 4

zdi 1

canvas 1

metasploit 1

nvd 4

cert 1

redhatcve 1

exploitdb 4

exploitpack 1

hackerone 1

nmap 1

kitploit 2

redhat 9

fireeye 1

attackerkb

CVE-2013-4810

2013-09-16 00:00:00

CVE-2010-0738

2010-04-28 00:00:00

prion

Design/Logic Flaw

2013-09-16 13:01:00

Input validation

2010-04-28 22:30:00

Design/Logic Flaw

2013-02-05 23:55:00

cve

CVE-2013-4810

2013-09-16 13:01:46

CVE-2012-0874

2013-02-05 23:55:01

CVE-2010-0738

2010-04-28 22:30:00

cvelist

CVE-2013-4810

2013-09-13 18:00:00

CVE-2010-0738

2010-04-28 22:00:00

CVE-2007-1036

2007-02-21 11:00:00

nessus

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities

2013-10-14 00:00:00

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

2011-04-08 00:00:00

Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)

2013-07-11 00:00:00

openvas

Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

2013-10-15 00:00:00

Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check

2019-07-12 00:00:00

Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check

2010-04-28 00:00:00

seebug

JBoss addURL Misconfiguration Attack

2011-10-05 00:00:00

JBoss JMX Console Beanshell Deployer WAR upload and deployment

2014-07-01 00:00:00

JBoss Enterprise Application Platform 多个安全绕过漏洞(CVE-2012-0874)

2013-02-03 00:00:00

saint

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Code Execution

2013-10-23 00:00:00

veracode

Information Disclosure

2020-04-10 00:42:53

Plaintext Weak Encryption

2019-05-02 04:46:04

Privilege Escalation

2019-05-02 04:46:47

cisa_kev

Red Hat JBoss Authentication Bypass Vulnerability

2022-05-25 00:00:00

HP Multiple Products Remote Code Execution Vulnerability

2022-03-25 00:00:00

packetstorm

JBoss addURL Misconfiguration Attack

2011-10-03 00:00:00

JBoss JMX Console Beanshell Deployer WAR Upload And Deployment

2010-06-24 00:00:00

JBoss DeploymentFileRepository WAR Deployment

2012-09-05 00:00:00

securityvulns

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-10-31 00:00:00

ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability

2014-01-08 00:00:00

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-11-21 00:00:00

thn

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 04:13:00

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 15:13:00

checkpoint_advisories

JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)

2019-01-29 00:00:00

RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)

2010-06-29 00:00:00

threatpost

JBoss AS Attacks Up Since Exploit Code Disclosed

2013-11-19 16:07:59

JBoss Worm Exploiting Old Bug to Infect Unpatched Servers

2011-10-21 11:50:17

3.2 Million Servers Vulnerable to JBoss Attack

2016-04-18 14:11:34

zdi

HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability

2013-09-11 00:00:00

canvas

Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER

2010-04-28 22:30:00

metasploit

JBoss JMX Console Deployer Upload and Execute

2012-07-10 17:33:28

nvd

CVE-2010-0738

2010-04-28 22:30:00

CVE-2007-1036

2007-02-21 11:28:00

CVE-2012-0874

2013-02-05 23:55:01

cert

JBoss Application Server may not properly restrict access to the administrative interface

2007-02-20 00:00:00

redhatcve

CVE-2007-1036

2015-10-30 09:24:46

exploitdb

JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)

2011-01-10 00:00:00

JBoss & JMX Console - Misconfigured Deployment Scanner

2011-10-03 00:00:00

JBoss JMX - Console Deployer Upload and Execute (Metasploit)

2010-10-19 00:00:00

exploitpack

Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

2015-02-03 00:00:00

hackerone

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

2019-02-27 10:58:19

nmap

http-vuln-cve2010-0738 NSE Script

2012-09-07 23:42:39

kitploit

clusterd - Application Server Attack Toolkit

2017-09-25 21:04:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

redhat

(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update

2010-04-27 00:00:00

(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update

2013-01-31 00:00:00

(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update

2013-02-20 00:00:00

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

Related for NVD:CVE-2013-4810

attackerkb2 prion5 cve5 cvelist5 nessus18 openvas3 seebug5 saint8 veracode9 cisa_kev2 packetstorm4 securityvulns13 thn2 checkpoint_advisories2 threatpost4 zdi1 canvas1 metasploit1 nvd4 cert1 redhatcve1 exploitdb4 exploitpack1 hackerone1 nmap1 kitploit2 redhat9 fireeye1