Vulnerability Details CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-13988
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c