Authentication Bypass and Arbitrary Code Execution in HP SiteScope 10.1x and 11.x (ZDI-CAN-1765)
CVE-2013-4835 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
Learn more about our Api Penetration Testing.