Vulnerability Details CVE-2017-14356
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-14356
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager:6.9.1c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.11.0
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.5c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.8c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.0c
-
cpe:2.3:a:hp:arcsight_enterprise_security_manager_express:6.9.1c