Lucene search

[email protected]CVE-2017-13990

HistorySep 30, 2017 - 1:29 a.m.

CVE-2017-13990

2017-09-3001:29:01

CWE-200

[email protected]

web.nvd.nist.gov

cve-2017-13990

information leakage

arcsight esm

arcsight esm express

apache tomcat

vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

Affected configurations

NVD

Node

hparcsight_enterprise_security_managerMatch6.0

hparcsight_enterprise_security_managerMatch6.0c

hparcsight_enterprise_security_managerMatch6.5

hparcsight_enterprise_security_managerMatch6.5sp1

hparcsight_enterprise_security_managerMatch6.5c

hparcsight_enterprise_security_managerMatch6.5csp1

hparcsight_enterprise_security_managerMatch6.8

hparcsight_enterprise_security_managerMatch6.8c

hparcsight_enterprise_security_managerMatch6.9.0c

hparcsight_enterprise_security_managerMatch6.9.1c

hparcsight_enterprise_security_managerMatch6.9.1cp1

hparcsight_enterprise_security_managerMatch6.9.1cp2

hparcsight_enterprise_security_managerMatch6.9.1cp3

hparcsight_enterprise_security_managerMatch6.11.0

Node

hparcsight_enterprise_security_manager_expressMatch6.0

hparcsight_enterprise_security_manager_expressMatch6.0c

hparcsight_enterprise_security_manager_expressMatch6.5

hparcsight_enterprise_security_manager_expressMatch6.5sp1

hparcsight_enterprise_security_manager_expressMatch6.5c

hparcsight_enterprise_security_manager_expressMatch6.5csp1

hparcsight_enterprise_security_manager_expressMatch6.8

hparcsight_enterprise_security_manager_expressMatch6.8c

hparcsight_enterprise_security_manager_expressMatch6.9.0

hparcsight_enterprise_security_manager_expressMatch6.9.1c

hparcsight_enterprise_security_manager_expressMatch6.9.1cp1

hparcsight_enterprise_security_manager_expressMatch6.9.1cp2

hparcsight_enterprise_security_manager_expressMatch6.9.1cp3

hparcsight_enterprise_security_manager_expressMatch6.11.0

CPENameOperatorVersion
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.0
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.0c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.5
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.5c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.8
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.8c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.9.0c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.9.1c
hp:arcsight_enterprise_security_managerhp arcsight enterprise security managereq6.11.0

CPE	Name	Operator	Version
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.0
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.0c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.5
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.5c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.8
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.8c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.9.0c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.9.1c
hp:arcsight_enterprise_security_manager	hp arcsight enterprise security manager	eq	6.11.0

References

www.securityfocus.com/bid/100935

softwaresupport.hpe.com/km/KM02944672

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

Related for CVE-2017-13990

cvelist1 nvd1 prion1 nessus1