Cyber Resilience

CVE-2013-4810

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoCRCE

Published: 16 September 2013

Published
16 September 2013
Modified
21 April 2026
KEV Added
25 March 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8970 99.6th percentile
Risk Priority 93 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2013-4810 is a critical-severity Code Injection (CWE-94) vulnerability in Hp Procurve Manager. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management contain a remote code execution vulnerability tracked as CVE-2013-4810. The flaw, assigned CWE-94, permits unauthenticated attackers to supply a marshalled object to the EJBInvokerServlet or JMXInvokerServlet endpoints, resulting in arbitrary code execution on the server. It carries a CVSS 3.1 score of 9.8 and is noted as likely duplicative of earlier issues in similar servlet invoker components.

An attacker with network access can send a crafted request containing the malicious marshalled object directly to the exposed servlets. Successful exploitation grants the attacker the ability to execute arbitrary code with the privileges of the affected application process, potentially leading to full system compromise without requiring authentication or user interaction.

HP published remediation guidance in security bulletin c03897409, while additional details appear in Secunia advisory 54788 and SecurityTracker entry 1029010. The references also point to related disclosures on the Bugtraq mailing list that discuss the same class of invoker servlet exposure.

EU & UK References

Vulnerability details

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE:…

more

this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.

CWE(s)
KEV Date Added
25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

hp
application lifecycle management
all versions
hp
procurve manager
3.20, 4.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces authorization checks on EJBInvokerServlet and JMXInvokerServlet so unauthenticated marshalled-object requests are rejected before code execution occurs.

prevent

Boundary-protection rules can block external network traffic to the exposed invoker servlets, eliminating the remote attack vector described in the CVE.

prevent

Least-functionality configuration disables or removes unnecessary invoker servlets, directly reducing the attack surface that permits unauthenticated RCE.

References