The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of HP SiteScope: command execution via issueSiebelCmd

Synthesis of the vulnerability 

An attacker can call the issueSiebelCmd function of HP SiteScope, in order to execute a command on the server.
Vulnerable products: SiteScope.
Severity of this weakness: 3/4.
Creation date: 04/11/2013.
References of this bulletin: BID-63478, c03969435, CVE-2013-4835, HPSBMU02933, SSRT101126, VIGILANCE-VUL-13686, ZDI-13-263, ZDI-CAN-1765.

Description of the vulnerability 

The HP SiteScope product has a SOAP interface, which is used for remote queries.

However, the SOAP API exposes the issueSiebelCmd function, which is used to execute a command.

An attacker can therefore call the issueSiebelCmd function of HP SiteScope, in order to execute a command on the server.

This bulletin impacts software or systems such as SiteScope.

Our Vigil@nce team determined that the severity of this threat is important.

The trust level is: confirmed by the vendor. The origin of the attack is: intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level skills can exploit this vulnerability.

Solutions for this threat 

HP SiteScope: patch.
A patch is available.
The master.config file then has to be edited, in order to add:
  _disableOldAPIs=true
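
A check for the setting above, as an added example that is not part of the original bulletin or of HP's tooling: it reads the contents of master.config and reports whether `_disableOldAPIs=true` is in effect. The one-setting-per-line `key=value` layout, case-sensitive keys and the sample contents are assumptions.

```python
import sys

SETTING = "_disableOldAPIs"  # key and value come from the bulletin's solution

def audit_master_config(text):
    """Classify master.config contents with respect to the bulletin's setting.

    Returns (status, hits): status is 'hardened', 'not_enabled', 'conflicting'
    or 'missing'; hits lists (line_number, key, value) for every matching line,
    including keys that differ from SETTING only by letter case.
    """
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.partition("=")
        key, value = key.strip(), value.strip()
        if sep and key.lower() == SETTING.lower():
            hits.append((lineno, key, value))
    # Assumption: keys are case-sensitive, so only the exact spelling counts.
    exact = [v.lower() == "true" for _, k, v in hits if k == SETTING]
    if not exact:
        return "missing", hits
    if all(exact):
        return "hardened", hits
    if not any(exact):
        return "not_enabled", hits
    return "conflicting", hits

# Constructed sample contents (not taken from a real SiteScope installation).
SAMPLES = {
    "patched": "_exampleSetting=1\n_disableOldAPIs=true\n",
    "unpatched": "_exampleSetting=1\n",
    "explicitly_off": "_disableOldAPIs=false\n",
    "conflicting": "_disableOldAPIs=true\n_exampleSetting=1\n_disableOldAPIs = false\n",
    "wrong_case": "_disableoldapis=true\n",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit a real file: pass the path to master.config
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            status, hits = audit_master_config(fh.read())
        print(status, hits)
        sys.exit(0 if status == "hardened" else 1)
    for name, text in SAMPLES.items():
        print(name, *audit_master_config(text))
```

Any status other than `hardened` means the file should be reviewed by hand; a `missing` result with a non-empty hit list points at a misspelled key.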
