CVE-2013-4835

HP SiteScope <11.22 - Auth Bypass

Title source: llm

Description

The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/30473

View Code ZIP pw:eip

metasploit WORKING POC GREAT

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/hp_sitescope_issuesiebelcmd.rb

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969435

[Vendor Advisory] https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03969435

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/30473

Scores

EPSS 0.7800

EPSS Percentile 99.0%

Details

Status published

Products (9)

hp/sitescope 10.11

hp/sitescope 10.13

hp/sitescope 11.01

hp/sitescope 11.1

hp/sitescope 11.10

hp/sitescope 11.11

hp/sitescope 11.12

hp/sitescope 11.20

hp/sitescope 11.21

Published Nov 04, 2013

Tracked Since Feb 18, 2026