RSS   Vulnerabilities for
'Arcsight enterprise security manager express'
   RSS

2017-10-31
 
CVE-2017-14358

CWE-601
 

 
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

 
 
CVE-2017-14357

CWE-79
 

 
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

 
 
CVE-2017-14356

CWE-89
 

 
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

 
2017-09-29
 
CVE-2017-13991

 

 
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

 
 
CVE-2017-13990

 

 
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

 
 
CVE-2017-13989

CWE-noinfo
 

 
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.

 
 
CVE-2017-13988

CWE-noinfo
 

 
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

 
 
CVE-2017-13987

CWE-noinfo
 

 
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

 
 
CVE-2017-13986

 

 
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

 

 >>> Vendor: HP 2379 Products
Hp-ux
Dtmail
VVOS
Http server
Sendmail
Desms
Mpe ix
Tru64
Openmail
Visualize conference ftp
Secure web console
Jetdirect
Apollo domain os
9000
Jetadmin
Aserver
Application server
Openview omniback ii
Openview network node manager
JDK
Insight manager
Support tools manager
Omniback ii
Virtualvault
MPE
Process resource manager
Cifs-9000 server
JRE
Secure os
Java jre-jdk
Advancestack 10base-t switching hub j3200a
Advancestack 10base-t switching hub j3201a
Advancestack 10base-t switching hub j3202a
Advancestack 10base-t switching hub j3203a
Advancestack 10base-t switching hub j3204a
Advancestack 10base-t switching hub j3205a
Advancestack 10base-t switching hub j3210a
Procurve switch 4000m
Photosmart print driver
Trucluster server
Instant support
Webes service tools
Alphaserver sc
Openview emanate snmp agent
JFS
Hp-ux series 700
Hp-ux series 800
Ldap-ux integration
Chaivm
Praesidium webproxy
Advanced server 9000
Secure web server for tru64
SIS
Instant toptools
Nonstop seeview server gateway
Openview
Bastille
Insight management suite
Remote diagnostics enabling agent
WBEM
Aaa server
Apache-based web server
Integrity
Webproxy
Integrated lights out
Openview select access
Ignite-ux
Sockd
Java sdk-rte
Storageworks command view
Workload manager
Ssl http server
Web jetadmin
Color laserjet
Color laserjet 4600
Laserjet 2500
Laserjet 3000
Laserjet 3700
Laserjet 4100 mfp
Laserjet 4200
Laserjet 4300
Laserjet 9000
Laserjet 9000 mfp
Laserjet 9040 mpf
Laserjet 9050
Laserjet 9050 mpf
Laserjet 9055
Laserjet 9065
Laserjet 9500
Laserjet 9500 mpf
Carrier grade server cc2300
Carrier grade server cc3300
Carrier grade server cc3310
Openvms
Openview radia management portal
Openview event correlation services
Reporter
Radia client
Version control repository manager
Webinspect
See all Products for Vendor HP


Copyright 2024, cxsecurity.com

 

Back to Top