Lucene search

PRIOn knowledge basePRION:CVE-2013-4811

HistorySep 16, 2013 - 1:01 p.m.

Design/Logic Flaw

2013-09-1613:01:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

CPENameOperatorVersion
identity_driven_managereq4.0
procurve_managereq3.20
procurve_managereq4.0
procurve_managereq3.20
procurve_managereq4.0

Name	Operator	Version
identity_driven_manager	eq	4.0
procurve_manager	eq	3.20
procurve_manager	eq	4.0
procurve_manager	eq	3.20
procurve_manager	eq	4.0

References

h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03897409

secunia.com/advisories/54788

www.securitytracker.com/id/1029010

zerodayinitiative.com/advisories/ZDI-13-226/

8.2 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.97 High

EPSS

Percentile

99.7%

JSON

Related for PRION:CVE-2013-4811