Authentication Bypass and Arbitrary Code Execution in HP SiteScope 10.1x and 11.x (ZDI-CAN-1765)

Authentication Bypass and Arbitrary Code Execution in HP SiteScope 10.1x and 11.x (ZDI-CAN-1765)

CVE-2013-4835 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Learn more about our Api Penetration Testing.