The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Hewlett-Packard ArcSight Enterprise Security Manager

computer vulnerability note CVE-2016-1992

HP ArcSight ESM: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of HP ArcSight ESM, in order to obtain sensitive information.
Impacted products: ArcSight ESM.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Creation date: 16/03/2016.
Identifiers: c05048753, CVE-2016-1992, HPSBGN03558, VIGILANCE-VUL-19179.

Description of the vulnerability

The HP ArcSight ESM product offers a web service.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability of HP ArcSight ESM, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-1990 CVE-2016-1991

HP ArcSight ESM: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of HP ArcSight ESM.
Impacted products: ArcSight ESM.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 15/03/2016.
Identifiers: c05048452, CVE-2016-1990, CVE-2016-1991, HPSBGN03556, VIGILANCE-VUL-19170.

Description of the vulnerability

Several vulnerabilities were announced in HP ArcSight ESM.

An attacker can traverse directories, in order to read a file outside the root path. [severity:2/4; CVE-2016-1990]

A remote attacker can use a vulnerability, in order to run a local command. [severity:3/4; CVE-2016-1991]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2015-6030

HP ArcSight: privilege escalation

Synthesis of the vulnerability

A local attacker can alter files of HP ArcSight, in order to escalate his privileges.
Impacted products: ArcSight Connector, ArcSight ESM, ArcSight Express, ArcSight Logger, HPE ArcMC.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 04/11/2015.
Identifiers: c04872416, CVE-2015-6030, HPSBGN03430, VIGILANCE-VUL-18240, VU#842252.

Description of the vulnerability

The HP ArcSight product installs files belonging to the "arcsight" user, but run by the "root" user.

However, a local attacker with the "arcsight" privilege, can alter these files.

A local attacker can therefore alter files of HP ArcSight, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2014-7885

ArcSight ESM: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ArcSight ESM and Logger.
Impacted products: ArcSight ESM.
Severity: 2/4.
Consequences: user access/rights, client access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/03/2015.
Revision date: 18/03/2015.
Identifiers: c04562193, CVE-2014-7885, HPSBGN03249, VIGILANCE-VUL-16383, VU#868948.

Description of the vulnerability

Several vulnerabilities were announced in ArcSight ESM and Logger.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2013-4815

HP ArcSight ESM: Cross Site Scripting of Management Interface

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in the Management Interface of HP ArcSight ESM, in order to execute JavaScript code in the context of the web site.
Impacted products: ArcSight ESM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 20/09/2013.
Identifiers: BID-62540, c03901176, CVE-2013-4815, HPSBGN02923, SSRT101101, VIGILANCE-VUL-13451.

Description of the vulnerability

The HP ArcSight ESM product offers a web service with a Management Interface.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in the Management Interface of HP ArcSight ESM, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Hewlett-Packard ArcSight Enterprise Security Manager: