9 matches found
CVE-2017-13986
CVE-2017-13986 is a reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express . Affected are any 6.x versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 . The issue arises from handling a crafted URL, enabling unintended information exposure. According to NVD, the...
CVE-2017-13991
The CVE-2017-13991 entry concerns an information-disclosure vulnerability in HP ArcSight ESM and ArcSight ESM Express. Affected are any 6.x versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, where an attacker could disclose product license features. The Connected documents reference the same iss...
CVE-2017-13990
Summary: CVE-2017-13990 describes an information-disclosure vulnerability in HP ArcSight ESM/ESM Express (ArcSight) where any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 can disclose the Apache Tomcat application server version. Affected products/versions: ArcSight ESM and ArcSight ESM ...
CVE-2017-14356
HP ArcSight ESM and ArcSight ESM Express (6.x) are affected by an SQL Injection vulnerability in versions before 6.9.1c Patch 4 or 6.11.0 Patch 1. A remote attacker could exploit this to inject SQL commands. Affected products include HP ArcSight ESM and ArcSight ESM Express. Remediation is to upg...
CVE-2017-13987
Summary: CVE-2017-13987 concerns HP ArcSight ESM/ESM Express. The vulnerability is an insufficient access control that allows an unauthorized user to download log files. This affects any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Affected product/limitation: ArcSight ESM and ArcSight ...
CVE-2017-14358
CVE-2017-14358 affects HP ArcSight ESM and HP ArcSight ESM Express (HP ArcSight ESM 6.x) prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue is a URL redirection vulnerability that could be exploited remotely to lead users to an untrusted site. Connected documents confirm the affected products a...
CVE-2017-13988
Affected product: ArcSight ESM and ArcSight ESM Express. Vulnerable versions: any 6.x prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Root cause / impact: improper access control lets unauthorized users alter the maximum size of storage groups and enable/disable the follow schedule function. Exploitab...
CVE-2017-13989
CVE-2017-13989 describes an improper access control vulnerability in HP ArcSight ESM and ArcSight ESM Express. Affected products are ArcSight ESM/Express versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue allows unauthorized users to retrieve or modify storage information due to inadeq...
CVE-2017-14357
HP ArcSight ESM and HP ArcSight ESM Express are affected by CVE-2017-14357: a Reflected and Stored Cross-Site Scripting (XSS) vulnerability in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue could be exploited remotely to inject web scripts or HTML, enabling client-side scrip...