HP ArcSight SmartConnector Man-in-the-Middle Attack Vulnerability

HP ArcSight SmartConnector is a log collector product from Hewlett-Packard HP. A security vulnerability exists in HP ArcSight SmartConnector that stems from the program failing to properly validate SSL certificates. A remote attacker could use this vulnerability to conduct a man-in-the-middle...

HP ArcSight SmartConnector fails to properly validate SSL and contains a hard-coded password

Overview The HP ArcSight SmartConnector fails to properly validate SSL certificates, and also contains a hard-coded password. Description CWE-295: Improper Certificate Validation - CVE-2015-2902The ArcSight SmartConnector fails to validate the certificate of the upstream Logger device it is...

Design/Logic Flaw

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

CVE-2011-2779

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770...

Cross site scripting

Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...

CVE-2011-0770

Cross-site scripting XSS vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file...