CVE-2013-4826

HP Intelligent Management Center Exposure of Sensitive Information

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4826. Includes Metasploit module auxiliary/scanner/http/hp_imc_som_file_download.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated arbitrary file download vulnerability in HP Intelligent Management Center's SOM component via the FileDownloadServlet. It allows retrieval of arbitrary files with SYSTEM privileges by sending a crafted GET request with base64-encoded file paths.

Description

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647.

Exploits (1)

metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/hp_imc_som_file_download.rb

This Metasploit module exploits an unauthenticated arbitrary file download vulnerability in HP Intelligent Management Center's SOM component via the FileDownloadServlet. It allows retrieval of arbitrary files with SYSTEM privileges by sending a crafted GET request with base64-encoded file paths.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: HP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401
No auth needed
Prerequisites: Network access to the target's HTTP service (port 8080 by default) · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.3156
EPSS Percentile 98.1%

Details

CWE
CWE-200
Status published
Products (2)
hp/imc_service_operation_management_software_module
hp/intelligent_management_center
Published Oct 13, 2013
Tracked Since Feb 18, 2026