Authentication Bypass Vulnerability in HP SiteScope 10.1x and 11.x
CVE-2013-4835
Currently unrated
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC🟣 EPSS 79%
What is CVE-2013-4835?
The APISiteScopeImpl SOAP service in HP SiteScope versions 10.1x and 11.x prior to 11.22 has a significant security flaw that allows remote attackers to bypass authentication mechanisms. This vulnerability can be exploited via a direct request to the issueSiebelCmd method, enabling unauthorized users to execute arbitrary code. As a result, the integrity and confidentiality of the data processed by these products may be compromised, making it crucial for users to apply the necessary patches to protect their systems.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.