Vulnerability Details CVE-2017-13990
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 66.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2017-13990
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c