HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHP Application Lifecycle Management
APPHpwszystkie wersjeHP Procurve Manager
APPHp3.204.0
CISA KEV — szczegółyi
- Dostawcai
- Hewlett Packard (HP)
- Produkti
- ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
- Data dodania do KEVi
- 25 marca 2022
- Termin remediation (USA)i
- 15 kwietnia 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM) oraz Application Lifecycle Management umożliwiają atakującym ze zdalnego dostępu wykonanie arbitralnego kodu poprzez zserializowany obiekt do (1) EJBInvokerServlet lub (2) JMXInvokerServlet.
▸ Pokaż oryginał (EN)
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.
Powiązane podatności
Unspecified vulnerability in the client component in HP Application LifeCycle Management (ALM) before 11 p11 a...
Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component befor...
Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.2...
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ ...
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20...