The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ArcSight Connector

computer vulnerability alert CVE-2016-4391

ArcSight WINC Connector: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of ArcSight WINC Connector, in order to run code.
Impacted products: ArcSight Connector.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 20/10/2016.
Identifiers: c05313743, CVE-2016-4391, HPSBGN03663, VIGILANCE-VUL-20926.

Description of the vulnerability

An attacker can use a vulnerability of ArcSight WINC Connector, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-6030

HP ArcSight: privilege escalation

Synthesis of the vulnerability

A local attacker can alter files of HP ArcSight, in order to escalate his privileges.
Impacted products: ArcSight Connector, ArcSight ESM, ArcSight Express, ArcSight Logger, HPE ArcMC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/11/2015.
Identifiers: c04872416, CVE-2015-6030, HPSBGN03430, VIGILANCE-VUL-18240, VU#842252.

Description of the vulnerability

The HP ArcSight product installs files belonging to the "arcsight" user, but run by the "root" user.

However, a local attacker with the "arcsight" privilege, can alter these files.

A local attacker can therefore alter files of HP ArcSight, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2015-2902 CVE-2015-2903

HP ArcSight SmartConnector: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of HP ArcSight SmartConnector.
Impacted products: ArcSight Connector.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/10/2015.
Identifiers: c04850932, CVE-2015-2902, CVE-2015-2903, HPSBGN03425, VIGILANCE-VUL-18199, VU#350508.

Description of the vulnerability

Several vulnerabilities were announced in HP ArcSight SmartConnector.

An attacker can act as a Man-in-the-Middle on Upstream Logger Device, in order to read or write data in the session. [severity:2/4; CVE-2015-2902]

An attacker can use the hard-coded password in CWSAPI SOAP, in order to escalate his privileges. [severity:2/4; CVE-2015-2903]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2012-3286 CVE-2012-5198 CVE-2012-5199

HP ArcSight Connector, Logger: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities were announced in HP ArcSight Connector Appliance and HP ArcSight Logger.
Impacted products: ArcSight Connector, ArcSight Logger.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2013.
Identifiers: BID-57975, BID-57976, BID-57978, c03606700, CVE-2012-3286, CVE-2012-5198, CVE-2012-5199, HPSBMU02836, SSRT101040, SSRT101056, SSRT101060, VIGILANCE-VUL-12426, VU#829260, VU#988100.

Description of the vulnerability

Three vulnerabilities were announced in HP ArcSight Connector Appliance and HP ArcSight Logger.

An attacker can use a vulnerability, in order to execute code. [severity:3/4; BID-57978, CVE-2012-3286, SSRT101040, VU#829260]

An attacker can use a vulnerability, in order to obtain information. [severity:2/4; BID-57976, CVE-2012-5198, SSRT101056, VU#988100]

An attacker can use a vulnerability, in order to execute code. [severity:3/4; BID-57975, CVE-2012-5199, SSRT101060]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2012-2960

HP ArcSight Connector, Logger: Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Impacted products: ArcSight Connector, ArcSight Logger.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/08/2012.
Identifiers: BID-54824, c03606700, CVE-2012-2960, HPSBMU02836, SSRT100864, VIGILANCE-VUL-11826, VU#960468.

Description of the vulnerability

The ArcSight Connector and Logger products allows the administrator to import a list of computers from a file:
 - System Admin
 - Network
 - Hosts
 - Import from Local File

However, imported names are then directly displayed by the service, without being filtered. An attacker can thus create a file containing a computer list with JavaScript, which is then inserted in web pages generated by the service.

An attacker can therefore invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about ArcSight Connector: