Search Results | AttackerKB

Show filters

Topics 10 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

10 Total Results

Displaying 1-10 of 10

Attacker Value

Unknown

CVE-2017-14356

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

0

Attacker Value

Unknown

CVE-2017-14357

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

0

Attacker Value

Unknown

CVE-2017-14358

Disclosure Date: October 31, 2017 (last updated November 08, 2023)

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

0

Attacker Value

Unknown

CVE-2017-13991

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

0

Attacker Value

Unknown

CVE-2017-13990

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

0

Attacker Value

Unknown

CVE-2017-13986

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

0

Attacker Value

Unknown

CVE-2017-13989

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

0

Attacker Value

Unknown

CVE-2017-13988

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

0

Attacker Value

Unknown

CVE-2017-13987

Disclosure Date: September 30, 2017 (last updated November 08, 2023)

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

0

Attacker Value

Unknown

CVE-2015-6030

Disclosure Date: November 04, 2015 (last updated October 05, 2023)

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

0