Microfocus: >> Arcsight Enterprise Security Manager >> 5.6 Security Vulnerabilities
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
CVSS Score
8.0
EPSS Score
0.005
Published
2016-03-16
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.002
Published
2016-03-16
HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
CVSS Score
7.2
EPSS Score
0.014
Published
2015-11-04
Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
CVSS Score
10.0
EPSS Score
0.012
Published
2015-03-14