Hp

Arcsight Enterprise Security Manager Express

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-14356

  • EPSS 0.53%
  • Published 31.10.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

6.1

CVE-2017-14357

  • EPSS 0.36%
  • Published 31.10.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored...

6.1

CVE-2017-14358

  • EPSS 0.25%
  • Published 31.10.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

6.1

CVE-2017-13986

  • EPSS 0.36%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

6.5

CVE-2017-13987

  • EPSS 0.35%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

6.5

CVE-2017-13988

  • EPSS 0.26%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the...

8.1

CVE-2017-13989

  • EPSS 0.34%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

5.3

CVE-2017-13990

  • EPSS 0.55%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

5.3

CVE-2017-13991

  • EPSS 0.55%
  • Published 30.09.2017 01:29:01
  • Last modified 20.04.2025 01:37:25

An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.