
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the APM module's AppDataDaoImpl class. The monitorId parameter does not sufficiently sanitize input, allowing for SQL injection without authentication.

• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.4 | EPSS: 97% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-1644.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOM's euAccountService servlet. No authentication is required to take advantage of this vulnerability, which allows the creation of a web administration account.

• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
• CWE-287: Improper Authentication

CVSS: 7.8 | EPSS: 10% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sdFileDownload servlet. Authentication is not required to access this servlet, which allows any file readable by SYSTEM to be disclosed. By abusing this behavior an attacker can disclose administrative credentials and possibly leverage this situation to achieve remote code execution.

• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 10% | CPEs: 2 | EXPL: 0

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645.

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CommonUtil class. This application uses a static key and the DES algorithm in ECB mode to store Administrator credentials.

• https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
• CWE-264: Permissions, Privileges, and Access Controls