VYPR

ArcSight ESM Express

by Microfocus

CVEs (3)

  • CVE-2017-14356CriOct 31, 2017
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

  • CVE-2017-14358MedOct 31, 2017
    risk 0.40cvss 6.1epss 0.01

    A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

  • CVE-2017-14357MedOct 31, 2017
    risk 0.40cvss 6.1epss 0.01

    A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)