Arcsight Enterprise Security Manager Security Vulnerabilities - May

CVE-2017-13986

A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-13987

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

CVSS: 6.5

AI Score: 6.4

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-13988

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

CVSS: 6.5

AI Score: 6.4

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-13989

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

CVSS: 8.1

AI Score: 7.9

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-13990

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

CVSS: 5.3

AI Score: 5.1

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-13991

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

CVSS: 5.3

AI Score: 5.1

EPSS: 0.001

2017-09-30 01:29 AM

CVE-2017-14356

An SQL injection vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

CVSS: 9.8

AI Score: 9.9

EPSS: 0.001

2017-10-31 03:29 PM

CVE-2017-14357

A reflected and stored Cross-Site Scripting (XSS) vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow reflected and stored Cross-Site Scripting (XSS).

CVSS: 6.1

AI Score: 5.8

EPSS: 0.001

2017-10-31 03:29 PM

CVE-2017-14358

A URL redirection to untrusted site vulnerability exists in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to an untrusted site.

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2017-10-31 03:29 PM