8 matches found
CVE-2015-6030
HP ArcSight products (ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ArcSight Connector Appliance 6.4.0.6881.3) are affected by CVE-2015-6030. The root account is used to execute files owned by the arcsight user, which may allow local users who have arcsight credentials to ga...
CVE-2021-38126
CVE-2021-38126 affects Micro Focus ArcSight Enterprise Security Manager (versions 7.4.x and 7.5.x). The connected sources indicate a remote-exploitation path leading to Cross-Site Scripting (XSS). The documents do not provide the underlying root cause details, affected components/files, exploit v...
CVE-2014-7885
HP ArcSight Enterprise Security Manager (ESM) prior to 6.8c is affected by multiple remote vulnerabilities (CVE-2014-7885). The Nessus entry cites XSS due to failure to validate tooltip input and CSRF allowing changes to rules or resources via a crafted link; affected versions include ESM before ...
CVE-2021-38127
CVE-2021-38127 affects Micro Focus ArcSight Enterprise Security Manager (versions 7.4.x and 7.5.x). The connected sources indicate a remotely exploitable vulnerability leading to Cross-Site Scripting (XSS). The NVD entry and related records provide CVSS metrics: CVSS v3.1 base score 6.1 (NETWORK,...
CVE-2016-1991
HP ArcSight ESM/ESM Express are affected by a vulnerability in older branches (ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, 6.8c before P1, and ESM Express before 6.9.1) that can enable remote authenticated users to perform file download attacks via unknown vectors. Connected sources a...
CVE-2016-1990
HP ArcSight ESM and ArcSight ESM Express are affected by CVE-2016-1990: local privilege escalation allowing a local user to gain privileges for command execution on specific versions. Affected products include HP ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, 6.8c before P1, and...
CVE-2021-38124
The CVE-2021-38124 entry concerns Micro Focus ArcSight Enterprise Security Manager (ESM) , affecting versions 7.0.2 through 7.5 . The connected documents confirm a Remote Code Execution vulnerability in ESM, with the vulnerability capable of being exploited remotely. The exact root cause, exploit...
CVE-2013-4815
HP ArcSight Enterprise Security Manager (ESM) is affected by CVE-2013-4815, a remote Cross-Site Scripting (XSS) vulnerability in the Management Web Interface. The flaw exists in ESM prior to version 5.5 and can allow an attacker to inject arbitrary web script or HTML through unspecified vectors i...