The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ArcSight Logger

vulnerability announce CVE-2015-6863 CVE-2015-6864

HPE ArcSight Logger: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of HPE ArcSight Logger.
Impacted products: ArcSight Logger.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/01/2016.
Identifiers: c04941487, CVE-2015-6863, CVE-2015-6864, HPSBGN03532, VIGILANCE-VUL-18722.

Description of the vulnerability

Several vulnerabilities were announced in HPE ArcSight Logger.

An attacker can use a vulnerability in Intellicus, in order to run code. [severity:2/4; CVE-2015-6863]

An attacker can use a vulnerability in Client Certificate Upload, in order to run code. [severity:2/4; CVE-2015-6864]

computer vulnerability note CVE-2015-6029

HP ArcSight Logger: brute force on SOAP

Synthesis of the vulnerability

An attacker can make unlimited authentication attempts on the SOAP interface, in order to perform a brute-force attack.
Impacted products: ArcSight Logger.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 20/10/2015.
Revision date: 04/11/2015.
Identifiers: c04863612, CVE-2015-6029, HPSBGN03429, VIGILANCE-VUL-18139, VU#842252.

Description of the vulnerability

The HP ArcSight Logger product offers a SOAP interface that requires authentication.

However, there is no limit on the number of authentication attempts.

An attacker can therefore make unlimited authentication attempts on the SOAP interface, in order to perform a brute-force attack.

vulnerability CVE-2015-6030

HP ArcSight: privilege escalation

Synthesis of the vulnerability

A local attacker can alter files of HP ArcSight, in order to escalate his privileges.
Impacted products: ArcSight Connector, ArcSight ESM, ArcSight Express, ArcSight Logger, HPE ArcMC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/11/2015.
Identifiers: c04872416, CVE-2015-6030, HPSBGN03430, VIGILANCE-VUL-18240, VU#842252.

Description of the vulnerability

The HP ArcSight product installs files that are owned by the "arcsight" user but run by the "root" user.

However, a local attacker with the privileges of the "arcsight" user can alter these files.

A local attacker can therefore alter files of HP ArcSight, in order to escalate his privileges.

vulnerability CVE-2015-5441

HP ArcSight Logger, MC: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of HP ArcSight Logger/MC, in order to run JavaScript code in the context of the web site.
Impacted products: ArcSight Logger, HPE ArcMC.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 24/09/2015.
Identifiers: c04797406, CVE-2015-5441, HPSBGN03507, VIGILANCE-VUL-17970.

Description of the vulnerability

The HP ArcSight Logger/MC product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of HP ArcSight Logger/MC, in order to run JavaScript code in the context of the web site.

vulnerability alert CVE-2015-2136

HP ArcSight Logger: privilege escalation

Synthesis of the vulnerability

An authenticated attacker can use HP ArcSight Logger, in order to escalate his privileges.
Impacted products: ArcSight Logger.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 11/08/2015.
Identifiers: c04762372, CVE-2015-2136, HPSBMU03392, SSRT101904, VIGILANCE-VUL-17621, VU#842252.

Description of the vulnerability

The HP ArcSight Logger product grants privileges to some users.

However, an authenticated attacker can bypass his authorization restrictions.

An authenticated attacker can therefore use HP ArcSight Logger, in order to escalate his privileges.

vulnerability note 17554

HP ArcSight Logger: incoherent complex searches

Synthesis of the vulnerability

An HP ArcSight Logger administrator who searches for traces of a sensitive event may miss this event.
Impacted products: ArcSight Logger.
Severity: 1/4.
Consequences: disguisement.
Provenance: document.
Creation date: 31/07/2015.
Identifiers: VIGILANCE-VUL-17554.

Description of the vulnerability

The HP ArcSight Logger product is used to store and read event logs.

However, the search features contain several errors. Results are thus inconsistent.

An HP ArcSight Logger administrator who searches for traces of a sensitive event may therefore miss this event.

computer vulnerability alert CVE-2014-7884

ArcSight Logger: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ArcSight Logger.
Impacted products: ArcSight Logger.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/03/2015.
Identifiers: c04562193, CVE-2014-7884, HPSBGN03249, VIGILANCE-VUL-16406, VU#868948.

Description of the vulnerability

Several vulnerabilities were announced in ArcSight Logger.

An attacker can upload a malicious file, in order, for example, to upload a Trojan. [severity:3/4]

An attacker can alter the configuration, in order to escalate his privileges. [severity:2/4]

An attacker can transmit malicious XML data, in order to read a file, scan sites, or trigger a denial of service. [severity:2/4]

computer vulnerability alert CVE-2012-3286 CVE-2012-5198 CVE-2012-5199

HP ArcSight Connector, Logger: three vulnerabilities

Synthesis of the vulnerability

Three vulnerabilities were announced in HP ArcSight Connector Appliance and HP ArcSight Logger.
Impacted products: ArcSight Connector, ArcSight Logger.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2013.
Identifiers: BID-57975, BID-57976, BID-57978, c03606700, CVE-2012-3286, CVE-2012-5198, CVE-2012-5199, HPSBMU02836, SSRT101040, SSRT101056, SSRT101060, VIGILANCE-VUL-12426, VU#829260, VU#988100.

Description of the vulnerability

Three vulnerabilities were announced in HP ArcSight Connector Appliance and HP ArcSight Logger.

An attacker can use a vulnerability, in order to execute code. [severity:3/4; BID-57978, CVE-2012-3286, SSRT101040, VU#829260]

An attacker can use a vulnerability, in order to obtain information. [severity:2/4; BID-57976, CVE-2012-5198, SSRT101056, VU#988100]

An attacker can use a vulnerability, in order to execute code. [severity:3/4; BID-57975, CVE-2012-5199, SSRT101060]

computer vulnerability alert CVE-2012-2960

HP ArcSight Connector, Logger: Cross Site Scripting

Synthesis of the vulnerability

An attacker can invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.
Impacted products: ArcSight Connector, ArcSight Logger.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 07/08/2012.
Identifiers: BID-54824, c03606700, CVE-2012-2960, HPSBMU02836, SSRT100864, VIGILANCE-VUL-11826, VU#960468.

Description of the vulnerability

The ArcSight Connector and Logger products allow the administrator to import a list of computers from a file:
 - System Admin
 - Network
 - Hosts
 - Import from Local File

However, the imported names are then displayed directly by the service, without being filtered. An attacker can thus create a file containing a computer list with JavaScript, which is then inserted in the web pages generated by the service.

An attacker can therefore invite the victim to import a malicious file with ArcSight Connector or Logger, in order to execute JavaScript code in his browser.