Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4835

4 documents4 sources
Severity
7.5HIGH
EPSS
78.0%
top 0.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Sitescope
Timeline
PublishedNov 4
Latest updateMay 17

Description

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDhp/sitescope9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-w66p-8v74-6j3w: The APISiteScopeImpl SOAP service in HP SiteScope 102022-05-17
CVEList
CVE-2013-4835: The APISiteScopeImpl SOAP service in HP SiteScope 102013-11-04

💥Exploits & PoCs

1
Exploit-DB
HP SiteScope issueSiebelCmd - Remote Code Execution (Metasploit)2013-12-24
CVE-2013-4835 (HIGH CVSS 7.5) | The APISiteScopeImpl SOAP service i | cvebase.io