ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·3/25/2022
CVE-2013-4810 added to CISA KEV: Hewlett Packard (HP) ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
Status: ✅ Confirmed exploited in the wild
Date added: 2022-03-25
Required action: Apply updates per vendor instructions.
Due date: 2022-04-15
Why this matters
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.
#hewlett-packard-hp#procurve-manager-pcm-pcm-identity-driven-manager-idm-and-application-lifecycle-m#cisa-kev#exploited-itw