Arcsight Enterprise Security Manager@6.8 Security Vulnerabilities and Issues — Arcsight Enterprise Security Manager@6.8 CVE List

Lucene search

HpArcsight Enterprise Security Manager6.8

9 matches found

CVE•added 2017/09/30 1:29 a.m.•53 views

CVE-2017-13991

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

5.3CVSS5.1AI score0.00551EPSS

CVE•added 2017/09/30 1:29 a.m.•51 views

CVE-2017-13986

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

6.1CVSS6.1AI score0.00362EPSS

CVE•added 2017/10/31 3:29 p.m.•41 views

CVE-2017-14356

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

9.8CVSS9.9AI score0.00527EPSS

CVE•added 2017/10/31 3:29 p.m.•41 views

CVE-2017-14358

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

6.1CVSS6.2AI score0.00249EPSS

CVE•added 2017/09/30 1:29 a.m.•40 views

CVE-2017-13990

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

5.3CVSS5.1AI score0.00551EPSS

CVE•added 2017/10/31 3:29 p.m.•40 views

CVE-2017-14357

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

6.1CVSS5.8AI score0.00362EPSS

CVE•added 2017/09/30 1:29 a.m.•39 views

CVE-2017-13987

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

6.5CVSS6.4AI score0.00349EPSS

CVE•added 2017/09/30 1:29 a.m.•39 views

CVE-2017-13989

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

8.1CVSS7.9AI score0.00339EPSS

CVE•added 2017/09/30 1:29 a.m.•38 views

CVE-2017-13988

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

6.5CVSS6.4AI score0.0026EPSS