Show filters
21 Total Results
Displaying 11-20 of 21
Sort by:
Attacker Value
Unknown

CVE-2017-13991

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
0
0
Attacker Value
Unknown

CVE-2017-13990

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
0
0
Attacker Value
Unknown

CVE-2017-13986

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
0
0
Attacker Value
Unknown

CVE-2017-13989

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
0
0
Attacker Value
Unknown

CVE-2017-13988

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
0
0
Attacker Value
Unknown

CVE-2017-13987

Disclosure Date: September 30, 2017 (last updated November 08, 2023)
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
0
0
Attacker Value
Unknown

CVE-2016-1991

Disclosure Date: March 16, 2016 (last updated November 25, 2024)
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
0
0
Attacker Value
Unknown

CVE-2016-1990

Disclosure Date: March 16, 2016 (last updated November 25, 2024)
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2015-6030

Disclosure Date: November 04, 2015 (last updated October 05, 2023)
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
0
0
Attacker Value
Unknown

CVE-2014-7885

Disclosure Date: March 14, 2015 (last updated October 05, 2023)
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
0
0
View More Topics  < Previous  Next >