Lucene search
K
HpArcsight Enterprise Security Manager

9 matches found

CVE
CVE
added 2017/09/29 2:0 p.m.69 views

CVE-2017-13986

CVE-2017-13986 is a reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express . Affected are any 6.x versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 . The issue arises from handling a crafted URL, enabling unintended information exposure. According to NVD, the...

6.1CVSS6.1AI score0.0096EPSS
CVE
CVE
added 2017/09/29 2:0 p.m.67 views

CVE-2017-13991

The CVE-2017-13991 entry concerns an information-disclosure vulnerability in HP ArcSight ESM and ArcSight ESM Express. Affected are any 6.x versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, where an attacker could disclose product license features. The Connected documents reference the same iss...

5.3CVSS5.1AI score0.01483EPSS
CVE
CVE
added 2017/09/29 2:0 p.m.53 views

CVE-2017-13990

Summary: CVE-2017-13990 describes an information-disclosure vulnerability in HP ArcSight ESM/ESM Express (ArcSight) where any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1 can disclose the Apache Tomcat application server version. Affected products/versions: ArcSight ESM and ArcSight ESM ...

5.3CVSS5.1AI score0.01483EPSS
CVE
CVE
added 2017/10/31 3:0 p.m.53 views

CVE-2017-14356

HP ArcSight ESM and ArcSight ESM Express (6.x) are affected by an SQL Injection vulnerability in versions before 6.9.1c Patch 4 or 6.11.0 Patch 1. A remote attacker could exploit this to inject SQL commands. Affected products include HP ArcSight ESM and ArcSight ESM Express. Remediation is to upg...

9.8CVSS9.9AI score0.01815EPSS
CVE
CVE
added 2017/09/29 2:0 p.m.52 views

CVE-2017-13987

Summary: CVE-2017-13987 concerns HP ArcSight ESM/ESM Express. The vulnerability is an insufficient access control that allows an unauthorized user to download log files. This affects any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Affected product/limitation: ArcSight ESM and ArcSight ...

6.5CVSS6.4AI score0.00963EPSS
CVE
CVE
added 2017/10/31 3:0 p.m.51 views

CVE-2017-14358

CVE-2017-14358 affects HP ArcSight ESM and HP ArcSight ESM Express (HP ArcSight ESM 6.x) prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue is a URL redirection vulnerability that could be exploited remotely to lead users to an untrusted site. Connected documents confirm the affected products a...

6.1CVSS6.2AI score0.01195EPSS
CVE
CVE
added 2017/09/29 2:0 p.m.50 views

CVE-2017-13988

Affected product: ArcSight ESM and ArcSight ESM Express. Vulnerable versions: any 6.x prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. Root cause / impact: improper access control lets unauthorized users alter the maximum size of storage groups and enable/disable the follow schedule function. Exploitab...

6.5CVSS6.4AI score0.00826EPSS
CVE
CVE
added 2017/09/29 2:0 p.m.50 views

CVE-2017-13989

CVE-2017-13989 describes an improper access control vulnerability in HP ArcSight ESM and ArcSight ESM Express. Affected products are ArcSight ESM/Express versions prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue allows unauthorized users to retrieve or modify storage information due to inadeq...

8.1CVSS7.9AI score0.00982EPSS
CVE
CVE
added 2017/10/31 3:0 p.m.49 views

CVE-2017-14357

HP ArcSight ESM and HP ArcSight ESM Express are affected by CVE-2017-14357: a Reflected and Stored Cross-Site Scripting (XSS) vulnerability in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. The issue could be exploited remotely to inject web scripts or HTML, enabling client-side scrip...

6.1CVSS5.8AI score0.01254EPSS