CVE-2013-4836

2022-10-0316:14:57

[email protected]

web.nvd.nist.gov

alm

synchronizer

cve-2013-4836

vulnerability

soap

gossipservice

remote attackers

code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.203 Low

EPSS

Percentile

96.4%

JSON

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.

Affected configurations

NVD

Node

hpalm_synchronizerRange≤1.41

hpalm_synchronizerMatch1.10

hpalm_synchronizerMatch1.20

hpalm_synchronizerMatch1.30

hpalm_synchronizerMatch1.40

AND

hpapplication_lifecycle_managementMatch-

CPENameOperatorVersion
hp:alm_synchronizerhp alm synchronizerle1.41
hp:alm_synchronizerhp alm synchronizereq1.10
hp:alm_synchronizerhp alm synchronizereq1.20
hp:alm_synchronizerhp alm synchronizereq1.30
hp:alm_synchronizerhp alm synchronizereq1.40

CPE	Name	Operator	Version
hp:alm_synchronizer	hp alm synchronizer	le	1.41
hp:alm_synchronizer	hp alm synchronizer	eq	1.10
hp:alm_synchronizer	hp alm synchronizer	eq	1.20
hp:alm_synchronizer	hp alm synchronizer	eq	1.30
hp:alm_synchronizer	hp alm synchronizer	eq	1.40