PT-2013-5208 · Hewlett Packard · Hp Procurve Manager+2

Andrea Micalizzi +1 · Published 2013-09-11 · Updated 2025-04-22 · CVE-2013-4809

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

HP ProCurve Manager versions 3.20 through 4.0
HP PCM+ versions 3.20 through 4.0
Identity Driven Manager version 4.0

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the sort or dir parameters in the GetEventsServlet.

Recommendations

For HP ProCurve Manager versions 3.20 through 4.0, consider restricting access to the GetEventsServlet until a patch is available.
For HP PCM+ versions 3.20 through 4.0, avoid using the sort and dir parameters in the GetEventsServlet until the issue is resolved.
For Identity Driven Manager version 4.0, as a temporary workaround, consider disabling the GetEventsServlet function until a patch is available.
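
As an added example (not part of the advisory and not HP code), the following Python reviews web access logs for GetEventsServlet requests whose sort or dir values are anything other than a bare identifier or asc/desc. The URL path, the log format and the allow-list of legitimate values are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SERVLET = "GetEventsServlet"
# Assumption: a legitimate sort value is a bare column identifier and a
# legitimate dir value is a direction keyword. Adjust to what the client sends.
SORT_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
DIR_OK = {"asc", "desc"}
# Assumption: common/combined log format; the first field is the client address.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(url):
    """Return [(param, decoded_value), ...] for sort/dir values to review."""
    parts = urlsplit(url)
    if SERVLET.lower() not in parts.path.lower():
        return []
    # parse_qs percent-decodes once; blank values are kept so they get checked.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = [("sort", v) for v in params.get("sort", [])
                if not SORT_OK.fullmatch(v)]
    findings += [("dir", v) for v in params.get("dir", [])
                 if v.lower() not in DIR_OK]
    return findings

def scan_access_log(lines):
    """Return [(line_number, client, findings), ...] for flagged requests."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.match(line)
        if match:
            findings = check_request(match.group(2))
            if findings:
                hits.append((number, match.group(1), findings))
    return hits

# Constructed sample lines: documentation addresses, placeholder URL path.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2013:10:00:01 +0000] "GET /example/GetEventsServlet?sort=time&dir=desc HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Sep/2013:10:00:05 +0000] "GET /example/GetEventsServlet?sort=time%3B--&dir=asc HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Sep/2013:10:00:09 +0000] "GET /example/GetEventsServlet?sort=time&dir=asc%20,1 HTTP/1.1" 500 0',
    '192.0.2.10 - - [11/Sep/2013:10:00:12 +0000] "GET /example/other?sort=a%20b HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for number, client, findings in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent {findings}")
```

Access logs record only the query string, so parameters sent in a POST body need a proxy or application-layer filter that can inspect the body.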

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2013-4809
ZDI-13-227

Affected Products

Hp Pcm+
Hp Procurve Manager
Identity Driven Manager