SQL Injection in Hp Identity_driven_manager

CVE-2013-4809

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2)…

Vulnerability class: SQL Injection

EPSS: 0.009 (75.5th percentile) — read the EPSS interpretation.

Affected products

Hp Identity_driven_manager — versions 4.0
Hp Procurve_manager — versions 3.20, 4.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

HPSBPV02918 (Vendor Advisory, x_refsource_HP, vendor-advisory)
hp-security-alert@hp.com (x_refsource_MISC)
1029010 (vdb-entry, x_refsource_SECTRACK)
54788 (x_refsource_SECUNIA, third-party-advisory)