Vulnerabilities (CVE)

Filtered by vendor Hp Subscribe
Filtered by product Arcsight Enterprise Security Manager
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-14358 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.
CVE-2017-14357 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)
CVE-2017-14356 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
CVE-2017-13991 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.
CVE-2017-13990 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.
CVE-2017-13989 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 5.5 MEDIUM 8.1 HIGH
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information.
CVE-2017-13988 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
CVE-2017-13987 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
CVE-2017-13986 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.