Main Vulnerability Database Vulnerabilities #VU42681

Input validation error in HP SiteScope - CVE-2013-2367

Published: July 31, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42681

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2013-2367

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Hewlett Packard Enterprise Development LP

Affected software:
HP SiteScope

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.

How to mitigate CVE-2013-2367

Install update from vendor's website.

Sources

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03861260

Input validation error in HP SiteScope - CVE-2013-2367

Detailed vulnerability description

How to mitigate CVE-2013-2367

Sources

Please verify you're human