The HP ProCurve Manager (PCM) was found to expose unauthenticated JMXInvokerServlet and EJBInvokerServlet interfaces. A remote attacker could exploit this flaw to invoke MBean methods and run arbitrary code in the context of the user running the PCM server.
Statement: CVE-2013-4810 refers to the exposure of unauthenticated JMXInvokerServlet and EJBInvokerServlet interfaces on HP ProCurve Manager (PCM). These servlets are also, however, exposed without authentication on older, unsupported community releases of JBoss AS (WildFly) 4.x and 5.x. All supported Red Hat JBoss products that include the JMXInvokerServlet and EJBInvokerServlet interfaces apply authentication by default and are not affected by this issue. Community releases of JBoss AS (WildFly) 7.x are also not affected by this issue. Users of older, unsupported community releases of JBoss AS (WildFly) are advised to follow the instructions available here to apply authentication to the invoker servlet interfaces: https://community.jboss.org/wiki/SecureJboss/ Note: Red Hat has been aware of this issue since 2012, as identified in CVE-2012-0874, and addressed the issue for supported Red Hat JBoss products based on JBoss AS 4.x and 5.x.
External References: https://access.redhat.com/site/articles/545183