VYPR
Medium severity6.1NVD Advisory· Published Sep 30, 2017· Updated Jun 17, 2026

CVE-2017-13986

CVE-2017-13986

Description

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

Affected products

30
  • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p2:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c:p3:*:*:*:*:*:*
  • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5:sp1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:*:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p1:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p2:*:*:*:*:*:*
    • cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c:p3:*:*:*:*:*:*
  • HPE/ArcSight ESMllm-fuzzy
    Range: < 6.9.1c Patch 4 or < 6.11.0 Patch 1
  • ArcSight/ESMllm-fuzzy
    Range: < 6.9.1c Patch 4 or < 6.11.0 Patch 1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.