Critical severity9.8CISA KEVNVD Advisory· Published Sep 16, 2013· Updated Apr 21, 2026

CVE-2013-4810

Description

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

Affected products

HP/Application Lifecycle Management
cpe:2.3:a:hp:application_lifecycle_management:-:*:*:*:*:*:*:*
HP/Procurve Manager4 versions
cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:-:*:*:*
- cpe:2.3:a:hp:procurve_manager:3.20:*:*:*:plus:*:*:*
- cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:-:*:*:*
- cpe:2.3:a:hp:procurve_manager:4.0:*:*:*:plus:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/28713/nvdExploitThird Party AdvisoryVDB Entry
h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/nvdBroken LinkVendor Advisory
secunia.com/advisories/54788nvdBroken LinkVendor Advisory
www.securitytracker.com/id/1029010nvdBroken LinkThird Party AdvisoryVDB Entry
zerodayinitiative.com/advisories/ZDI-13-229/nvdThird Party AdvisoryVDB Entry
marc.infonvdMailing List
marc.infonvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.072
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000