Lucene search

PRIOn knowledge basePRION:CVE-2015-6030

HistoryNov 04, 2015 - 3:59 a.m.

Command injection

2015-11-0403:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

CPENameOperatorVersion
arcsight_command_centereq6.8.0.1896.0
arcsight_connector_appliancele6.4.0.6881.3
arcsight_connectorsle7.1.3
arcsight_expresseq4.0
arcsight_expresseq4.0 p1
arcsight_loggereq6.0.0.7307.1
arcsight_management_centerle2.0
arcsight_enterprise_security_managerle6.5

Name	Operator	Version
arcsight_command_center	eq	6.8.0.1896.0
arcsight_connector_appliance	le	6.4.0.6881.3
arcsight_connectors	le	7.1.3
arcsight_express	eq	4.0
arcsight_express	eq	4.0 p1
arcsight_logger	eq	6.0.0.7307.1
arcsight_management_center	le	2.0
arcsight_enterprise_security_manager	le	6.5

References

www.kb.cert.org/vuls/id/842252

www.securitytracker.com/id/1034072

www.securitytracker.com/id/1034073

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for PRION:CVE-2015-6030