Arcsight Enterprise Security Manager Express
Sign in to watchby HP
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13989 | Hig | 0.53 | 8.1 | 0.00 | Sep 30, 2017 | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | |
| CVE-2017-13988 | Med | 0.42 | 6.5 | 0.00 | Sep 30, 2017 | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function. | |
| CVE-2017-13987 | Med | 0.42 | 6.5 | 0.00 | Sep 30, 2017 | An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | |
| CVE-2017-14358 | Med | 0.40 | 6.1 | 0.00 | Oct 31, 2017 | A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | |
| CVE-2017-13986 | Med | 0.40 | 6.1 | 0.00 | Sep 30, 2017 | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | |
| CVE-2017-13991 | Med | 0.34 | 5.3 | 0.01 | Sep 30, 2017 | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. |