2 matches found
CVE-2015-2902
HP ArcSight SmartConnectors before version 7.1.6 fail to verify X.509 certificates from Logger devices, enabling a man-in-the-middle attacker to spoof devices and read SSL-protected log traffic via a crafted certificate. This vulnerability affects ArcSight SmartConnectors prior to 7.1.6 and has a...
HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password
Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...