5 matches found
HPE ArcSight ESM and ArcSight ESM Express SQL Injection Vulnerability
HPE ArcSight ESM Enterprise Security Manager and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise HPE. The software collects, correlates and reports on enterprise-wide security events in real tim...
CVE-2017-13988
Affected product: ArcSight ESM and ArcSight ESM Express. Vulnerable versions: any 6.x prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Root cause / impact: improper access control lets unauthorized users alter the maximum size of storage groups and enable/disable the follow schedule function. Exploitab...
CVE-2017-13990
Summary: CVE-2017-13990 describes an information-disclosure vulnerability in HP ArcSight ESM/ESM Express (ArcSight) where any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 can disclose the Apache Tomcat application server version. Affected products/versions: ArcSight ESM and ArcSight ESM ...
CVE-2016-1992
HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2016-1991
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors...