CVE-2013-4835
HP SiteScope issueSiebelCmd SOAP Request Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
El servicio SOAP de APISiteScopeImpl en HP SiteScope versiones 10.1x y versiones 11.x anteriores a 11.22, permite a los atacantes remotos omitir la autenticación y ejecutar código arbitrario mediante una petición directa al método issueSiebelCmd, también conocido como ZDI-CAN-1765.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the issueSiebelCmd() web method. A remote attacker can abuse this web method in order to remotely execute code under the context of the SYSTEM user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-07-12 CVE Reserved
- 2013-11-02 CVE Published
- 2013-12-24 First Exploit
- 2024-08-06 CVE Updated
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30473 | 2013-12-24 | |
| http://www.exploit-db.com/exploits/30473 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435 | 2017-07-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 10.11 Search vendor "Hp" for product "Sitescope" and version "10.11" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 10.13 Search vendor "Hp" for product "Sitescope" and version "10.13" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.01 Search vendor "Hp" for product "Sitescope" and version "11.01" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.1 Search vendor "Hp" for product "Sitescope" and version "11.1" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.10 Search vendor "Hp" for product "Sitescope" and version "11.10" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.11 Search vendor "Hp" for product "Sitescope" and version "11.11" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.12 Search vendor "Hp" for product "Sitescope" and version "11.12" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.20 Search vendor "Hp" for product "Sitescope" and version "11.20" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Sitescope Search vendor "Hp" for product "Sitescope" | 11.21 Search vendor "Hp" for product "Sitescope" and version "11.21" | - |
Affected
| ||||||