Vulnerability Details : CVE-2013-4826
Public exploit exists!
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2013-4826
2.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-4826
-
HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
First seen: 2020-04-26auxiliary/scanner/http/hp_imc_som_file_downloadThis module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on H
CVSS scores for CVE-2013-4826
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4826
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4826
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
Products affected by CVE-2013-4826
- cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:imc_service_operation_management_software_module:-:*:*:*:*:*:*:*