HP » Arcsight Enterprise Security Manager : Security Vulnerabilities, CVEs
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
Max CVSS: 6.1
EPSS Score: 0.06%
Published: 2017-10-31
Updated: 2017-11-21
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS).
Max CVSS: 6.1
EPSS Score: 0.06%
Published: 2017-10-31
Updated: 2017-11-21
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
Max CVSS: 9.8
EPSS Score: 0.12%
Published: 2017-10-31
Updated: 2017-11-18
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
Max CVSS: 5.3
EPSS Score: 0.07%
Published: 2017-09-30
Updated: 2017-10-05
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
Max CVSS: 5.3
EPSS Score: 0.07%
Published: 2017-09-30
Updated: 2017-10-05
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
Max CVSS: 8.1
EPSS Score: 0.06%
Published: 2017-09-30
Updated: 2019-10-03
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2017-09-30
Updated: 2019-10-03
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
Max CVSS: 6.5
EPSS Score: 0.06%
Published: 2017-09-30
Updated: 2019-10-03
A reflected Cross-Site Scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
Max CVSS: 6.1
EPSS Score: 0.06%
Published: 2017-09-30
Updated: 2017-10-05
9 vulnerabilities found