Search Results | AttackerKB

Show filters

Topics 12 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

12 Total Results

Displaying 1-10 of 12

Attacker Value

Unknown

CVE-2017-14356

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

0

Attacker Value

Unknown

CVE-2017-14357

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

0

Attacker Value

Unknown

CVE-2017-14358

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

0

Attacker Value

Unknown

CVE-2017-13991

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

0

Attacker Value

Unknown

CVE-2017-13990

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

0

Attacker Value

Unknown

CVE-2017-13986

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

0

Attacker Value

Unknown

CVE-2017-13989

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

0

Attacker Value

Unknown

CVE-2017-13988

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

0

Attacker Value

Unknown

CVE-2017-13987

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

0

Attacker Value

Unknown

CVE-2016-1991

Disclosure Date: March 16, 2016 (last updated November 25, 2024)

HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

0