VYPR

ArcSight Enterprise Security Manager

by Microfocus

CVEs (21)

  • CVE-2017-14356CriOct 31, 2017
    risk 0.64cvss 9.8epss 0.02

    An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

  • CVE-2024-3482HigMay 20, 2024
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-2835HigMay 20, 2024
    risk 0.57cvss 8.7epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2017-13989HigSep 30, 2017
    risk 0.53cvss 8.1epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

  • CVE-2016-1991HigMar 16, 2016
    risk 0.52cvss 8.0epss 0.02

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.

  • CVE-2016-1990HigMar 16, 2016
    risk 0.51cvss 7.8epss 0.00

    HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.

  • CVE-2017-13988MedSep 30, 2017
    risk 0.42cvss 6.5epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

  • CVE-2017-13987MedSep 30, 2017
    risk 0.42cvss 6.5epss 0.01

    An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

  • CVE-2017-14358MedOct 31, 2017
    risk 0.40cvss 6.1epss 0.01

    A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

  • CVE-2017-14357MedOct 31, 2017
    risk 0.40cvss 6.1epss 0.01

    A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

  • CVE-2017-13986MedSep 30, 2017
    risk 0.40cvss 6.1epss 0.01

    A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

  • CVE-2017-13991MedSep 30, 2017
    risk 0.35cvss 5.3epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

  • CVE-2017-13990MedSep 30, 2017
    risk 0.35cvss 5.3epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

  • CVE-2024-0967MedMar 1, 2024
    risk 0.28cvss 4.3epss 0.01

    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.

  • CVE-2021-38127Jan 14, 2022
    risk 0.00cvss epss 0.01

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2021-38126Jan 14, 2022
    risk 0.00cvss epss 0.01

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2021-38124Sep 28, 2021
    risk 0.00cvss epss 0.02

    Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.

  • CVE-2020-9522Jun 16, 2020
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.

  • CVE-2015-6030Nov 4, 2015
    risk 0.00cvss epss 0.01

    HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.

  • CVE-2014-7885Mar 14, 2015
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.

Page 1 of 2