Vulnerability Details CVE-2017-13986
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2017-13986
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c