Lucene search

[email protected]CVE-2017-13987

HistorySep 30, 2017 - 1:29 a.m.

CVE-2017-13987

2017-09-3001:29:01

[email protected]

web.nvd.nist.gov

cve-2017-13987

arcsight esm

esm express

vulnerability

unauthorized access

log files

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

Affected configurations

NVD

Node

hparcsight_enterprise_security_managerMatch6.0

hparcsight_enterprise_security_managerMatch6.0c

hparcsight_enterprise_security_managerMatch6.5

hparcsight_enterprise_security_managerMatch6.5sp1

hparcsight_enterprise_security_managerMatch6.5c

hparcsight_enterprise_security_managerMatch6.5csp1

hparcsight_enterprise_security_managerMatch6.8

hparcsight_enterprise_security_managerMatch6.8c

hparcsight_enterprise_security_managerMatch6.9.0c

hparcsight_enterprise_security_managerMatch6.9.1c

hparcsight_enterprise_security_managerMatch6.9.1cp1

hparcsight_enterprise_security_managerMatch6.9.1cp2

hparcsight_enterprise_security_managerMatch6.9.1cp3

hparcsight_enterprise_security_managerMatch6.11.0

Node

hparcsight_enterprise_security_manager_expressMatch6.0

hparcsight_enterprise_security_manager_expressMatch6.0c

hparcsight_enterprise_security_manager_expressMatch6.5

hparcsight_enterprise_security_manager_expressMatch6.5sp1

hparcsight_enterprise_security_manager_expressMatch6.5c

hparcsight_enterprise_security_manager_expressMatch6.5csp1

hparcsight_enterprise_security_manager_expressMatch6.8

hparcsight_enterprise_security_manager_expressMatch6.8c

hparcsight_enterprise_security_manager_expressMatch6.9.0

hparcsight_enterprise_security_manager_expressMatch6.9.1c

hparcsight_enterprise_security_manager_expressMatch6.9.1cp1

hparcsight_enterprise_security_manager_expressMatch6.9.1cp2

hparcsight_enterprise_security_manager_expressMatch6.9.1cp3

hparcsight_enterprise_security_manager_expressMatch6.11.0

CPENameOperatorVersion
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.0
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.0c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.5
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.5c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.8
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.8c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.9.0c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.9.1c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.11.0

CPE	Name	Operator	Version
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.0
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.0c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.5
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.5c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.8
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.8c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.9.0c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.9.1c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.11.0

References

www.securityfocus.com/bid/100935

softwaresupport.hpe.com/km/KM02944672

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

Related for CVE-2017-13987

prion1 cvelist1 nvd1 nessus1