Vulnerability Details CVE-2015-6030
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.1%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.kb.cert.org/vuls/id/842252
- http://www.securitytracker.com/id/1034072
- http://www.securitytracker.com/id/1034073
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416
- http://www.kb.cert.org/vuls/id/842252
- http://www.securitytracker.com/id/1034072
- http://www.securitytracker.com/id/1034073
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416
Products affected by CVE-2015-6030
-
cpe:2.3:a:hp:arcsight_command_center:6.8.0.1896.0
-
cpe:2.3:a:hp:arcsight_connector_appliance:6.4.0.6881.3
-
cpe:2.3:a:hp:arcsight_connectors:7.1.3
-
cpe:2.3:a:hp:arcsight_express:4.0
-
cpe:2.3:a:hp:arcsight_logger:6.0.0.7307.1
-
cpe:2.3:a:hp:arcsight_management_center:2.0
-
cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:5.6
-
cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:microfocus:arcsight_enterprise_security_manager:6.5