CVE-2011-2779
Description
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, allowing local users to modify or delete log data.
Vulnerability
The Windows Event Log SmartConnector in HP ArcSight Connector Appliance before version 6.1 (specifically v6.0.0.60023.2 and possibly earlier) creates exported report files with a default name and world-writable permissions [1]. Any local user can therefore modify or delete these files, potentially altering log data.
Exploitation
An attacker with local access to the ArcSight Connector Appliance can locate the world-writable exported report files and modify or delete them. No special privileges are required beyond local user access. The attacker can change the contents of a report file, including injecting malicious content that takes effect if the file is later imported and edited; that XSS attack is a separate vulnerability, CVE-2011-0770. For this CVE, exploitation simply involves writing to the file.
Impact
A local attacker can change or delete log data by modifying the exported report files. This could lead to loss of integrity of log data, potentially covering up malicious activities or causing denial of service by deleting important logs. The attacker does not gain elevated privileges but can corrupt data.
Mitigation
HP released ArcSight Connector Appliance version 6.1 to address this vulnerability. Users should upgrade to version 6.1 or later. If upgrading is not possible, restrict local access to the appliance and ensure that exported report files are stored in a secure location with appropriate permissions. No workaround is mentioned in the reference.
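A defender-side check for the condition this CVE describes, as an added example (not HP's code and not taken from the cited references): it flags world-writable files in an export directory, flags a world-writable directory without the sticky bit (which permits deletion regardless of each file's own mode), and removes the other-write bit. The directory argument, function names and file names are assumptions; the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile

def audit_export_dir(export_dir):
    """Return (world_writable_files, dir_allows_delete) for export_dir."""
    dir_mode = os.stat(export_dir).st_mode
    # A world-writable directory without the sticky bit lets any local
    # user delete or replace files in it, whatever the file modes are.
    dir_risky = bool(dir_mode & stat.S_IWOTH) and not (dir_mode & stat.S_ISVTX)
    findings = []
    for entry in sorted(os.scandir(export_dir), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue  # skip symlinks and subdirectories
        mode = entry.stat(follow_symlinks=False).st_mode
        if mode & stat.S_IWOTH:
            findings.append((entry.name, oct(stat.S_IMODE(mode))))
    return findings, dir_risky

def harden_export_dir(export_dir):
    """Clear the other-write bit on flagged files and on the directory."""
    changed = []
    for name, _ in audit_export_dir(export_dir)[0]:
        path = os.path.join(export_dir, name)
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWOTH)
        changed.append(name)
    dir_mode = stat.S_IMODE(os.stat(export_dir).st_mode)
    os.chmod(export_dir, dir_mode & ~stat.S_IWOTH)
    return changed

def demo():
    """Build a constructed export directory, audit it, harden it, re-audit."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o777)  # constructed: world-writable, no sticky bit
        samples = (("export_report.csv", 0o666), ("export_ok.csv", 0o640))
        for name, mode in samples:  # constructed file names and modes
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write("constructed sample row\n")
            os.chmod(path, mode)
        before = audit_export_dir(d)
        changed = harden_export_dir(d)
        after = audit_export_dir(d)
        return before, changed, after

if __name__ == "__main__":
    print(demo())
```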
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:hp:windows_event_log_smartconnector:*:*:*:*:*:*:*:* (Range: <=6.0.0.60023.2)
- cpe:2.3:h:hp:arcsight_c1000_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c1300_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c3200_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c3400_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c5200_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:h:hp:arcsight_c5400_appliance:*:*:*:*:*:*:*:*
- Range: <6.1
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/122054 (nvd, US Government Resource)
- exchange.xforce.ibmcloud.com/vulnerabilities/68855 (nvd)