HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CPENameOperatorVersion
identity_driven_managereq4.0
procurve_managereq3.20
procurve_managereq4.0
procurve_managereq3.20
procurve_managereq4.0

Name	Operator	Version
identity_driven_manager	eq	4.0
procurve_manager	eq	3.20
procurve_manager	eq	4.0
procurve_manager	eq	3.20
procurve_manager	eq	4.0

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-229/

marc.info/?l=bugtraq&m=138696448823753&w=2

marc.info/?l=bugtraq&m=143039425503668&w=2

www.exploit-db.com/exploits/28713/

attackerkb 2

cve 5

nessus 18

openvas 3

veracode 9

seebug 5

saint 8

cisa_kev 2

securityvulns 13

prion 4

packetstorm 4

canvas 1

threatpost 4

metasploit 1

thn 2

checkpoint_advisories 2

cert 1

zdi 1

exploitdb 4

exploitpack 1

hackerone 1

nmap 1

kitploit 2

redhat 9

fireeye 1

attackerkb

CVE-2013-4810

2013-09-16 00:00:00

CVE-2010-0738

2010-04-28 00:00:00

cve

CVE-2013-4810

2013-09-16 13:01:00

CVE-2010-0738

2010-04-28 22:30:00

CVE-2012-0874

2013-02-05 23:55:00

nessus

Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities

2013-10-14 00:00:00

JBoss Enterprise Application Platform '/jmx-console' Authentication Bypass

2011-04-08 00:00:00

Cisco Prime Data Center Network Manager RMI Remote Code Execution (uncredentialed check)

2013-07-11 00:00:00

openvas

Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution

2013-10-15 00:00:00

Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check

2019-07-12 00:00:00

Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check

2010-04-28 00:00:00

veracode

Information Disclosure

2020-04-10 00:42:53

Plaintext Weak Encryption

2019-05-02 04:46:04

Information Disclosure

2019-05-02 04:46:22

seebug

JBoss addURL Misconfiguration Attack

2011-10-05 00:00:00

JBoss JMX Console Beanshell Deployer WAR upload and deployment

2014-07-01 00:00:00

JBoss, JMX Console, misconfigured DeploymentScanner

2014-07-01 00:00:00

saint

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass

2010-06-07 00:00:00

cisa_kev

Red Hat JBoss Authentication Bypass Vulnerability

2022-05-25 00:00:00

HP Multiple Products Remote Code Execution Vulnerability

2022-03-25 00:00:00

securityvulns

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-10-31 00:00:00

[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

2011-11-21 00:00:00

EMC Data Protection Advisor / Connectrix Manager security vulnerabilities

2014-01-08 00:00:00

prion

Input validation

2010-04-28 22:30:00

Authentication flaw

2007-02-21 11:28:00

Design/Logic Flaw

2013-02-05 23:55:00

packetstorm

JBoss addURL Misconfiguration Attack

2011-10-03 00:00:00

JBoss JMX Console Beanshell Deployer WAR Upload And Deployment

2010-06-24 00:00:00

JBoss DeploymentFileRepository WAR Deployment

2012-09-05 00:00:00

canvas

Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER

2010-04-28 22:30:00

threatpost

JBoss Worm Exploiting Old Bug to Infect Unpatched Servers

2011-10-21 11:50:17

JBoss AS Attacks Up Since Exploit Code Disclosed

2013-11-19 16:07:59

3.2 Million Servers Vulnerable to JBoss Attack

2016-04-18 14:11:34

metasploit

JBoss JMX Console Deployer Upload and Execute

2012-07-10 17:33:28

thn

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 04:13:00

Two-year-old vulnerability in JBoss Application Servers enables Remote Shell for Hackers

2013-11-21 15:13:00

checkpoint_advisories

RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)

2010-06-29 00:00:00

JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)

2019-01-29 00:00:00

cert

JBoss Application Server may not properly restrict access to the administrative interface

2007-02-20 00:00:00

zdi

HP PCM+ and Application Lifecycle Management JBoss Invoker Servlets Marshalled Object Remote Code Execution Vulnerability

2013-09-11 00:00:00

exploitdb

JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)

2011-01-10 00:00:00

JBoss & JMX Console - Misconfigured Deployment Scanner

2011-10-03 00:00:00

JBoss JMX - Console Deployer Upload and Execute (Metasploit)

2010-10-19 00:00:00

exploitpack

Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

2015-02-03 00:00:00

hackerone

Starbucks: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

2019-02-27 10:58:19

nmap

http-vuln-cve2010-0738 NSE Script

2012-09-07 23:42:39

kitploit

clusterd - Application Server Attack Toolkit

2017-09-25 21:04:00

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

redhat

(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update

2010-04-27 00:00:00

(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update

2013-02-20 00:00:00

(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update

2013-01-31 00:00:00

fireeye

Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two

2020-04-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.915 High

EPSS

Percentile

98.8%

JSON

Related for PRION:CVE-2013-4810