CVE-2013-4835 | Vulnerability Database | Aqua Security

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Affected Software

Name	Vendor	Start Version	End Version
Sitescope	Hp	10.11 (including)	10.11 (including)
Sitescope	Hp	10.13 (including)	10.13 (including)
Sitescope	Hp	11.01 (including)	11.01 (including)
Sitescope	Hp	11.1 (including)	11.1 (including)
Sitescope	Hp	11.10 (including)	11.10 (including)
Sitescope	Hp	11.11 (including)	11.11 (including)
Sitescope	Hp	11.12 (including)	11.12 (including)
Sitescope	Hp	11.20 (including)	11.20 (including)
Sitescope	Hp	11.21 (including)	11.21 (including)

References

http://www.exploit-db.com/exploits/30473
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03969435
http://www.exploit-db.com/exploits/30473
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03969435

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-4835
CWE	https://cwe.mitre.org/data/definitions/.html