VYPR

ArcSight SmartConnectors

by Microfocus

CVEs (2)

  • CVE-2015-2903Nov 4, 2015
    risk 0.00cvss epss 0.01

    The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password.

  • CVE-2015-2902Nov 4, 2015
    risk 0.00cvss epss 0.02

    HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.