Lucene search
K
HpArcsight Logger

19 matches found

CVE
CVE
added 2019/10/04 7:16 p.m.200 views

CVE-2019-11656

CVE-2019-11656 is a Stored XSS vulnerability in Micro Focus ArcSight Logger, affecting versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. The issue arises from improper neutralization of input during web page generation, enabling cross-site scripting. Public sources in the connected documents co...

5.4CVSS5.1AI score0.00644EPSS
CVE
CVE
added 2019/10/04 7:10 p.m.189 views

CVE-2019-11655

CVE-2019-11655 affects Micro Focus ArcSight Logger (version 6.7.0 and later). The vulnerability is an Unrestricted Upload of File with Dangerous type due to unrestricted file upload. The connected documents confirm the issue and its association with ArcSight Logger, but do not provide detailed ex...

8.8CVSS8.6AI score0.01513EPSS
CVE
CVE
added 2019/07/24 3:30 p.m.121 views

CVE-2019-3485

CVE-2019-3485 affects ArcSight Logger (Micro Focus) prior to version 6.7.1. The issue is a stored cross-site scripting (XSS) vulnerability in the WEB application, caused by lack of proper validation of client-side data. Impact is described as potential for executing client-side code; the vulnerab...

6.1CVSS5.2AI score0.01145EPSS
CVE
CVE
added 2015/11/04 2:0 a.m.64 views

CVE-2015-6030

HP ArcSight products (ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ArcSight Connector Appliance 6.4.0.6881.3) are affected by CVE-2015-6030. The root account is used to execute files owned by the arcsight user, which may allow local users who have arcsight credentials to ga...

7.2CVSS7.2AI score0.00608EPSS
CVE
CVE
added 2019/03/25 4:1 p.m.56 views

CVE-2019-3479

CVE-2019-3479 affects Micro Focus ArcSight Logger prior to 6.7, describing an input validation vulnerability that could allow remote code execution. The connected CNVD entry confirms the issue is a remote code execution vulnerability affecting ArcSight Logger versions before 6.7. There are no exp...

9.8CVSS9.6AI score0.06924EPSS
CVE
CVE
added 2013/02/16 9:0 p.m.53 views

CVE-2012-3286

CVE-2012-3286: Unspecified vulnerability in HP ArcSight Connector Appliance ≤6.3 and ArcSight Logger ≤5.2 that could allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. HP’s security bulletin SSRT101056/HPSBMU02836 indic...

6.5CVSS6.5AI score0.02374EPSS
CVE
CVE
added 2015/09/16 2:0 p.m.52 views

CVE-2015-2136

HP ArcSight Logger prior to version 6.0 P2 contains CVE-2015-2136: remote authenticated users can bypass the intended authorization policy (noted via the SOAP interface) and perform unauthorized actions. Affected product/version: HP ArcSight Logger before 6.0 P2. Root cause indicated as improper ...

4CVSS6.2AI score0.0184EPSS
CVE
CVE
added 2013/02/16 9:0 p.m.51 views

CVE-2012-5199

CVE-2012-5199 affects HP ArcSight Connector Appliance ≤6.3 and ArcSight Logger ≤5.2. Root cause is an unspecified vulnerability that could allow remote authenticated users to execute arbitrary code via unknown vectors. HP’s security bulletin SSRT101056 indicates remediation by updating to ArcSigh...

6.8CVSS7.5AI score0.00942EPSS
CVE
CVE
added 2013/02/16 9:0 p.m.50 views

CVE-2012-5198

HP ArcSight Connector Appliance older than 6.3 and ArcSight Logger older than 5.2 are affected by CVE-2012-5198, a remote information-disclosure vulnerability with unknown vectors. HP's security bulletin HPSBMU02836/SSRT notes remediation: upgrade to ArcSight Connector Appliance 6.4 and ArcSight ...

5CVSS6.3AI score0.03792EPSS
CVE
CVE
added 2015/03/14 1:0 a.m.48 views

CVE-2014-7884

CVE-2014-7884 affects HP ArcSight Logger prior to 6.0P1. The Nessus entry and Exploit-DB show an Arbitrary File Upload/Code Execution path due to improper sanitization of uploaded file names in the configuration import feature, allowing an authenticated attacker to upload a server-side script (JS...

9CVSS6.6AI score0.117EPSS
Web
CVE
CVE
added 2019/03/25 4:5 p.m.47 views

CVE-2019-3483

CVE-2019-3483 concerns ArcSight Logger prior to 6.7. The related documents indicate an information-disclosure vulnerability in ArcSight Logger versions before 6.7 and that mitigation exists for those versions. No exploitation details or patch version are explicitly provided in the connected docum...

6.8CVSS6.2AI score0.01557EPSS
CVE
CVE
added 2019/03/25 4:6 p.m.47 views

CVE-2019-3484

The CVE describes a remote code execution vulnerability in Micro Focus ArcSight Logger, affecting versions prior to 6.7. The root cause is an input validation flaw in ArcSight Logger that can be exploited to execute arbitrary code. Affected component is ArcSight Logger’s input handling; impact in...

7.8CVSS7.9AI score0.01374EPSS
CVE
CVE
added 2016/01/16 2:0 a.m.45 views

CVE-2015-6864

HP ArcSight Logger prior to version 6.1P1 is affected by multiple vulnerabilities in the Intellicus and client-certificate upload components, due to improper input validation, enabling remote authenticated execution of arbitrary code. Remediation per the connected Nessus entry is upgrade to 6.1P1...

6.5CVSS6.8AI score0.00854EPSS
CVE
CVE
added 2019/03/25 4:4 p.m.45 views

CVE-2019-3481

CVE-2019-3481 concerns a XML External Entity (XXE) parsing vulnerability in Micro Focus ArcSight Logger prior to version 6.7. The issue stems from insecure XML entity handling in the affected logger, enabling information disclosure or disruption of service as described in CNVD-2019-08313 (and mir...

7.5CVSS6.8AI score0.01737EPSS
CVE
CVE
added 2015/11/04 2:0 a.m.44 views

CVE-2015-6029

HP ArcSight Logger before 6.0 P2 is vulnerable to CVE-2015-6029: the SOAP interface does not limit authentication attempts, enabling remote brute-force access. The HP Security Bulletin (HPSBGN03429) confirms the impact and provides remediation: update to ArcSight Logger v6.0 P2 or later (6.0 P2, ...

5CVSS6.6AI score0.04439EPSS
CVE
CVE
added 2019/03/25 4:3 p.m.41 views

CVE-2019-3480

ArcSight Logger prior to version 6.7 is affected by a cross-site scripting vulnerability (stored/reflected XSS). The CNVD entry confirms a XSS issue in ArcSight Logger = 6.7 or applying vendor-provided fixes, as described in the CNVD/CVE references. If applying updates, verify release notes speci...

6.1CVSS5.9AI score0.01266EPSS
CVE
CVE
added 2019/03/25 4:5 p.m.41 views

CVE-2019-3482

The CVE concerns a directory traversal vulnerability in Micro Focus ArcSight Logger before version 6.7. Root cause: improper handling of path input leading to unauthorized information disclosure. Affected product: ArcSight Logger (versions prior to 6.7). Impact: potential disclosure of sensitive ...

6.8CVSS6.4AI score0.04227EPSS
CVE
CVE
added 2016/01/16 2:0 a.m.39 views

CVE-2015-6863

HP ArcSight Logger before 6.1P1 is affected by multiple vulnerabilities in the Intellicus and client-certificate upload components due to improper validation of user-supplied input. This allows a remote attacker to execute arbitrary code. The issues are reported in the context of HP ArcSight Logg...

7.5CVSS7.7AI score0.02264EPSS
CVE
CVE
added 2015/11/12 2:0 a.m.37 views

CVE-2015-5441

CVE-2015-5441 concerns stored XSS in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 (CWE-79). Multiple connected sources (e.g., JVN entries and CNVD/NVD mirrors) describe that an arbitrary script may be executed in a user’s browser due to unsafe handling of input. Affecte...

4.3CVSS5.9AI score0.01942EPSS