CVE-2013-4835
Published Nov 4, 2013
Last updated 7 years ago
Overview
- Description
- The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
- Source
- hp-security-alert@hp.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hp:sitescope:10.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35BC44DF-A9E0-4789-9646-B6142A68682D"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:10.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C62A1094-99FA-4730-9550-133D3C428A7E"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "814ADE5D-DCCD-4C68-BB3D-32828547C361"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7C7FCC3-5C45-4A94-AA8D-17C484325255"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1C9A83F-4592-42E6-AB6B-4A6F2473776A"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C55233A3-9D1B-4C63-8362-AF6630D3ECAA"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "309EBA0A-9F62-4852-895A-A1E68E4AEE70"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8172205D-C9CE-487E-BF67-33A46EBF056E"
},
{
"criteria": "cpe:2.3:a:hp:sitescope:11.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F8F86F8-D697-44B8-9216-2319EF7A76D6"
}
],
"operator": "OR"
}
]
}
]