5 matches found
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 is vulnerable to CVE-2015-6029: the SOAP interface does not limit authentication attempts, enabling remote brute-force access. The HP Security Bulletin (HPSBGN03429) confirms the impact and provides remediation: update to ArcSight Logger v6.0 P2 or later (6.0 P2, ...
CVE-2015-6029
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...
[security bulletin] HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of Information
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04863612 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04863612 Version: 1 HPSBGN03429 rev.1 - HP Arcsight Logger, Remote Disclosure of...
HP ArcSight Logger contains multiple vulnerabilities
Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization- CVE-2015-2136A remote authenticated user without Logger Search permissions may be able to bypass authorization...
HP ArcSight Logger < 6.0 P2 Multiple Vulnerabilities
According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0 P2. It is, therefore, affected by multiple vulnerabilities : - An authorization bypass vulnerability exists that allows an authenticated, remote attacker to bypass...