HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/842252 | Third Party Advisory US Government Resource |
http://www.securitytracker.com/id/1034072 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1034073 | Third Party Advisory VDB Entry |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
No history.
Information
Published : 2015-11-04 03:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-6030
Mitre link : CVE-2015-6030
CVE.ORG link : CVE-2015-6030
JSON object : View
Products Affected
hp
- arcsight_command_center
- arcsight_express
- arcsight_logger
- arcsight_management_center
- arcsight_connector_appliance
- arcsight_connectors
microfocus
- arcsight_enterprise_security_manager
CWE
CWE-264
Permissions, Privileges, and Access Controls