CVE-2013-4822

HP IMC and IMC Branch Intelligent Management System Software Module - Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4822. PoCs published by Metasploit, including Metasploit module exploits/windows/http/hp_imc_bims_upload.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in HP Intelligent Management Center BIMS UploadServlet (CVE-2013-4822) to upload and execute a malicious JSP payload, achieving remote code execution.

Description

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/29130

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in HP Intelligent Management Center BIMS UploadServlet (CVE-2013-4822) to upload and execute a malicious JSP payload, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: HP Intelligent Management Center 5.1 E0202 - 5.2 E0401 / BIMS 5.1 E0201 - 5.2 E0401

No auth needed

Prerequisites: Network access to the target server · UploadServlet endpoint accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hp_imc_bims_upload.rb

View Code ZIP pw:eip

This Metasploit module exploits a directory traversal vulnerability in HP Intelligent Management Center's BIMS UploadServlet to upload and execute a malicious JSP payload, achieving remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: HP Intelligent Management Center 5.1 E0202 - 5.2 E0401 / BIMS 5.1 E0201 - 5.2 E0401

No auth needed

Prerequisites: Network access to the target's UploadServlet interface · Target running vulnerable HP IMC BIMS version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943425

Scores

EPSS 0.6262

EPSS Percentile 99.1%

Details

Status published

Products (7)

hp/imc_branch_intelligent_management_system_software_module 5.0

hp/imc_branch_intelligent_management_system_software_module 5.1

hp/imc_branch_intelligent_management_system_software_module 5.2

hp/intelligent_management_center

hp/intelligent_management_center 5.0 (6 CPE variants)

hp/intelligent_management_center 5.1 (2 CPE variants)

hp/intelligent_management_center 5.2

Published Oct 13, 2013

Tracked Since Feb 18, 2026