What is CVE-2013-4835?

CVE-2013-4835 is a vulnerability in Hp Sitescope. Published 2013-11-04.

Is CVE-2013-4835 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hp Sitescope

CVE-2013-4835

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

EPSS: 0.780 (99.0th percentile) — read the EPSS interpretation.

Affected products

Hp Sitescope — versions 10.11, 10.13, 11.01
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

SSRT101126 (Vendor Advisory, x_refsource_HP, vendor-advisory)
30473 (exploit, x_refsource_EXPLOIT-DB)
hp-security-alert@hp.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2013-4835?: CVE-2013-4835 is a vulnerability in Hp Sitescope. Published 2013-11-04.
Is CVE-2013-4835 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.